A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.
This issue affects My Cloud OS 5 devices: before 5.26.300.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Jul 2023, 23:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300 - Vendor Advisory | |
First Time |
Westerndigital my Cloud Mirror G2
Westerndigital my Cloud Dl2100 Westerndigital my Cloud Pr2100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Pr4100 Westerndigital wd Cloud Westerndigital my Cloud Dl4100 Westerndigital my Cloud Ex2100 Westerndigital my Cloud Os Westerndigital my Cloud Westerndigital my Cloud Ex4100 Westerndigital |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
30 Jun 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-30 22:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-22816
Mitre link : CVE-2023-22816
CVE.ORG link : CVE-2023-22816
JSON object : View
Products Affected
westerndigital
- my_cloud_dl2100
- my_cloud_os
- my_cloud_pr4100
- my_cloud_mirror_g2
- my_cloud_ex2100
- my_cloud_ex2_ultra
- my_cloud
- my_cloud_ex4100
- my_cloud_dl4100
- wd_cloud
- my_cloud_pr2100
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')