4 matches found
CVE-2022-22991
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...
CVE-2022-22991
creationtimestamp| type| source ---|---|--- 2022-01-14 00:18:55+00:00| seen| https://t.me/cibsecurity/35456...
CVE-2022-22991 Command injection through unsecured HTTP calls on Western Digital My Cloud devices
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...
CVE-2022-22991
CVE-2022-22991 affects Western Digital My Cloud devices running My Cloud OS 5. The issue enables a command injection via DNS spoofing to force loading over HTTP, due to insufficient validation of a user-supplied string before a system call. It is described as network-adjacent remote code executio...