First published: Wed Jan 25 2023(Updated: )
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Pr2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Pr4100 | ||
Westerndigital My Cloud Ex4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Ex2 Ultra Firmware | <5.26.119 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Mirror G2 Firmware | <5.26.119 | |
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Dl2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Ex2100 |
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-29843 is critical with a CVSS score of 9.8.
CVE-2022-29843 affects Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119.
CVE-2022-29843 allows an attacker to execute code in the context of the root user.
To fix CVE-2022-29843, update the firmware of your Western Digital My Cloud OS 5 device to version 5.26.119 or above.
You can find more information about CVE-2022-29843 on the Western Digital support website.