A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
References
| Link | Resource |
|---|---|
| https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
01 Feb 2023, 16:48
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-22 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (MISC) https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 - Vendor Advisory | |
| CPE | cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Westerndigital
Westerndigital my Cloud Dl4100 Westerndigital my Cloud Pr2100 Firmware Westerndigital my Cloud Pr4100 Firmware Westerndigital my Cloud Mirror G2 Firmware Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Mirror G2 Westerndigital my Cloud Ex4100 Westerndigital my Cloud Dl2100 Firmware Westerndigital my Cloud Dl2100 Westerndigital my Cloud Ex2100 Westerndigital my Cloud Ex2100 Firmware Westerndigital my Cloud Ex4100 Firmware Westerndigital my Cloud Pr4100 Westerndigital my Cloud Pr2100 Westerndigital my Cloud Dl4100 Firmware Westerndigital my Cloud Ex2 Ultra Firmware |
26 Jan 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-26 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-29844
Mitre link : CVE-2022-29844
CVE.ORG link : CVE-2022-29844
JSON object : View
Products Affected
westerndigital
- my_cloud_ex2_ultra
- my_cloud_ex2100
- my_cloud_pr4100
- my_cloud_ex2100_firmware
- my_cloud_dl4100_firmware
- my_cloud_ex4100
- my_cloud_dl2100
- my_cloud_dl2100_firmware
- my_cloud_pr4100_firmware
- my_cloud_dl4100
- my_cloud_mirror_g2
- my_cloud_ex4100_firmware
- my_cloud_mirror_g2_firmware
- my_cloud_ex2_ultra_firmware
- my_cloud_pr2100_firmware
- my_cloud_pr2100