CVE-2022-29843: Western Digital My Cloud OS 5 devices Command Injection Vulnerability
First published: Wed Jan 25 2023(Updated: )
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Credit: psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Western Digital My Cloud PR2100 Firmware | <5.26.119 | |
| Western Digital My Cloud PR2100 Firmware | ||
| Western Digital My Cloud PR4100 Firmware | <5.26.119 | |
| Western Digital My Cloud PR4100 | ||
| Western Digital My Cloud EX4100 Firmware | <5.26.119 | |
| Western Digital My Cloud EX4100 Firmware | ||
| Western Digital My Cloud EX2 Ultra Firmware | <5.26.119 | |
| Western Digital My Cloud EX2 Ultra Firmware | ||
| Western Digital My Cloud Mirror Gen 2 Firmware | <5.26.119 | |
| Western Digital My Cloud Mirror Gen 2 | ||
| Western Digital My Cloud DL2100 Firmware | <5.26.119 | |
| Western Digital My Cloud DL2100 Firmware | ||
| Western Digital My Cloud DL4100 Firmware | <5.26.119 | |
| Western Digital My Cloud DL4100 Firmware | ||
| Western Digital My Cloud EX2100 Firmware | <5.26.119 | |
| Western Digital My Cloud EX2100 Firmware |
Remedy
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29843?
The severity of CVE-2022-29843 is critical with a CVSS score of 9.8.
How does CVE-2022-29843 affect Western Digital My Cloud OS 5 devices?
CVE-2022-29843 affects Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119.
What is the impact of CVE-2022-29843?
CVE-2022-29843 allows an attacker to execute code in the context of the root user.
How can I fix CVE-2022-29843?
To fix CVE-2022-29843, update the firmware of your Western Digital My Cloud OS 5 device to version 5.26.119 or above.
Where can I find more information about CVE-2022-29843?
You can find more information about CVE-2022-29843 on the Western Digital support website.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/westerndigital
- canonical/western digital my cloud pr2100 firmware
- canonical/western digital my cloud pr4100 firmware
- canonical/western digital my cloud pr4100
- canonical/western digital my cloud ex4100 firmware
- canonical/western digital my cloud ex2 ultra firmware
- canonical/western digital my cloud mirror gen 2 firmware
- canonical/western digital my cloud mirror gen 2
- canonical/western digital my cloud dl2100 firmware
- canonical/western digital my cloud dl4100 firmware
- canonical/western digital my cloud ex2100 firmware