CVE-CVE-2022-29843 | MEDIUM Severity | CVEDatabase.com

Description

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: local
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-78CWE-78

Metadata

Primary Vendor: WESTERNDIGITAL
Published: 1/26/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

westerndigital : my_cloud_pr2100_firmwarewesterndigital : my_cloud_pr4100_firmwarewesterndigital : my_cloud_ex4100_firmwarewesterndigital : my_cloud_ex2_ultra_firmwarewesterndigital : my_cloud_mirror_g2_firmwarewesterndigital : my_cloud_dl2100_firmwarewesterndigital : my_cloud_dl4100_firmwarewesterndigital : my_cloud_ex2100_firmware

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD