First published: Mon Jul 25 2022(Updated: )
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Pr2100 Firmware | <5.23.114 | |
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 Firmware | <5.23.114 | |
Westerndigital My Cloud Pr4100 | ||
Westerndigital My Cloud Ex4100 Firmware | <5.23.114 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Ex2 Ultra Firmware | <5.23.114 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Mirror G2 Firmware | <5.23.114 | |
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Dl2100 Firmware | <5.23.114 | |
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 Firmware | <5.23.114 | |
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2100 Firmware | <5.23.114 | |
Westerndigital My Cloud Ex2100 | ||
Westerndigital My Cloud Firmware | <5.23.114 | |
Westerndigital My Cloud |
To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-23000 is high.
The affected software for CVE-2022-23000 is Western Digital My Cloud Pr2100 Firmware, Western Digital My Cloud Pr4100 Firmware, Western Digital My Cloud Ex4100 Firmware, Western Digital My Cloud Ex2 Ultra Firmware, Western Digital My Cloud Mirror G2 Firmware, Western Digital My Cloud Dl2100 Firmware, Western Digital My Cloud Dl4100 Firmware, Western Digital My Cloud Ex2100 Firmware, and Western Digital My Cloud Firmware.
CVE-2022-23000 impacts the Western Digital My Cloud Web App by using a weak SSLContext when attempting to configure port forwarding rules.
The Western Digital My Cloud Web App uses a weak SSLContext to maintain compatibility with old or outdated home routers.
To fix CVE-2022-23000, it is recommended to update to a version higher than 5.23.114 of the Western Digital My Cloud firmware.