2 matches found
CVE-2022-22994 Insufficient Verification of Data Authenticity Remote Code Execution Vulnerability on Western Digital My Cloud devices.
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks...
CVE-2022-22994
CVE-2022-22994 is a remote code execution in Western Digital My Cloud devices resulting from insufficient verification of data received via HTTP by the ConnectivityService. This allows a network-adjacent attacker to load and execute arbitrary code on affected NAS devices. The vulnerability is add...