CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...

PT-2023-3460 · Western Digital · My Cloud Os

Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a lack of data cleaning measures at the management level in My Cloud OS, which can be exploited by a remote attacker to execute arbitrary commands. Specifically, it...