Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 May 2023, 18:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 - Vendor Advisory | |
First Time |
Westerndigital my Cloud Mirror G2
Westerndigital my Cloud Pr2100 Westerndigital my Cloud Pr4100 Westerndigital my Cloud Ex4100 Westerndigital wd Cloud Westerndigital my Cloud Ex2100 Westerndigital my Cloud Westerndigital my Cloud Os Westerndigital my Cloud Dl2100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Dl4100 Westerndigital |
10 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-29841
Mitre link : CVE-2022-29841
CVE.ORG link : CVE-2022-29841
JSON object : View
Products Affected
westerndigital
- my_cloud_pr4100
- wd_cloud
- my_cloud_ex4100
- my_cloud_os
- my_cloud_dl2100
- my_cloud
- my_cloud_dl4100
- my_cloud_mirror_g2
- my_cloud_pr2100
- my_cloud_ex2_ultra
- my_cloud_ex2100
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')