First published: Wed May 10 2023(Updated: )
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Os | >=5.02.104<5.26.119 | |
Westerndigital My Cloud | ||
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Ex2100 | ||
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 | ||
Westerndigital Wd Cloud |
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29842 is an improper neutralization of special elements used in a command (command injection) vulnerability in Western Digital My Cloud OS 5 devices.
The severity of CVE-2022-29842 is critical with a CVSS score of 9.8.
CVE-2022-29842 affects Western Digital My Cloud OS 5 devices before version 5.26.119.
An attacker can exploit CVE-2022-29842 by executing code in the context of the root user on a vulnerable CGI file.
To fix CVE-2022-29842, update Western Digital My Cloud OS 5 devices to version 5.26.119 or later.