Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
18 May 2023, 21:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Westerndigital my Cloud Mirror G2
Westerndigital my Cloud Pr2100 Westerndigital my Cloud Pr4100 Westerndigital my Cloud Ex4100 Westerndigital wd Cloud Westerndigital my Cloud Ex2100 Westerndigital my Cloud Westerndigital my Cloud Os Westerndigital my Cloud Dl2100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Dl4100 Westerndigital |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 - Vendor Advisory | |
CWE | CWE-77 |
10 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. |
10 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-29842
Mitre link : CVE-2022-29842
CVE.ORG link : CVE-2022-29842
JSON object : View
Products Affected
westerndigital
- my_cloud_dl4100
- my_cloud_ex2100
- my_cloud_mirror_g2
- my_cloud_pr4100
- my_cloud_ex4100
- my_cloud
- wd_cloud
- my_cloud_os
- my_cloud_ex2_ultra
- my_cloud_dl2100
- my_cloud_pr2100
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')