First published: Thu Jan 13 2022(Updated: )
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
Credit: psirt@wdc.com psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Os | <5.19.117 | |
Westerndigital My Cloud | ||
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Ex2100 | ||
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Mirror Gen 2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 | ||
Westerndigital Wd Cloud |
Update your My Cloud device to firmware version 5.19.117.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-22989.
The severity of CVE-2022-22989 is critical with a CVSS score of 9.8.
My Cloud OS 5 versions up to and excluding 5.19.117 are affected by CVE-2022-22989.
CVE-2022-22989 can be exploited by unauthenticated attackers on the network.
The vulnerability has been addressed by adding defenses against stack overflow issues.