Lucene search

WDC PSIRTCVELIST:CVE-2022-29844

HistoryJan 25, 2023 - 12:00 a.m.

CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp

2023-01-2500:00:00

CWE-23

WDC PSIRT

www.cve.org

wd my cloud

ftp

vulnerability

file read

file write

firmware

nas compromise

remote execution

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

CNA Affected

[
  {
    "vendor": "Western Digital",
    "product": "My Cloud",
    "versions": [
      {
        "version": "My Cloud OS 5",
        "status": "affected",
        "lessThan": "5.26.119",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

References

www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVELIST:CVE-2022-29844