Lucene search

[email protected]NVD:CVE-2023-22816

HistoryJun 30, 2023 - 10:15 p.m.

CVE-2023-22816

2023-06-3022:15:09

CWE-77

[email protected]

web.nvd.nist.gov

vulnerability

cgi file

western digital

my cloud os 5

remote command injection

attack

file execution

security

payload

file redirection

device update

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.
This issue affects My Cloud OS 5 devices: before 5.26.300.

Affected configurations

NVD

Node

westerndigitalmy_cloudMatch-

westerndigitalmy_cloud_dl2100Match-

westerndigitalmy_cloud_dl4100Match-

westerndigitalmy_cloud_ex2_ultraMatch-

westerndigitalmy_cloud_ex2100Match-

westerndigitalmy_cloud_ex4100Match-

westerndigitalmy_cloud_mirror_g2Match-

westerndigitalmy_cloud_pr2100Match-

westerndigitalmy_cloud_pr4100Match-

westerndigitalwd_cloudMatch-

AND

westerndigitalmy_cloud_osRange<5.26.300

References

www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

Related for NVD:CVE-2023-22816

prion1 cve1 cvelist1 openvas1