First published: Tue Jul 12 2022(Updated: )
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Home Duo Firmware | <8.5.1-102 | |
Westerndigital My Cloud Home Duo | ||
Linux Linux kernel | ||
Westerndigital My Cloud Home Firmware | <8.5.1-102 | |
Westerndigital My Cloud Home |
My Cloud Home devices have been automatically updated to resolve this vulnerability
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-22997 is a remote code execution vulnerability in My Cloud Home devices.
CVE-2022-22997 allows an attacker to execute unsigned code on My Cloud Home devices by exploiting a command injection vulnerability and accessing the AWS S3 bucket.
CVE-2022-22997 has a severity rating of 9.8, which is considered critical.
My Cloud Home devices with firmware versions up to 8.5.1-102 are affected by CVE-2022-22997.
To fix CVE-2022-22997, update your My Cloud Home device firmware to version 8.7.0-107 or later. Check the provided link for more information.