CVE-2022-29843: Western Digital My Cloud OS 5 devices Command Injection Vulnerability
First published: Wed Jan 25 2023(Updated: )
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Credit: psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital My Cloud Pr2100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Pr2100 | ||
| Westerndigital My Cloud Pr4100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Pr4100 | ||
| Westerndigital My Cloud Ex4100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Ex4100 | ||
| Westerndigital My Cloud Ex2 Ultra Firmware | <5.26.119 | |
| Westerndigital My Cloud Ex2 Ultra | ||
| Westerndigital My Cloud Mirror G2 Firmware | <5.26.119 | |
| Westerndigital My Cloud Mirror G2 | ||
| Westerndigital My Cloud Dl2100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Dl2100 | ||
| Westerndigital My Cloud Dl4100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Dl4100 | ||
| Westerndigital My Cloud Ex2100 Firmware | <5.26.119 | |
| Westerndigital My Cloud Ex2100 |
Remedy
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29843?
The severity of CVE-2022-29843 is critical with a CVSS score of 9.8.
How does CVE-2022-29843 affect Western Digital My Cloud OS 5 devices?
CVE-2022-29843 affects Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119.
What is the impact of CVE-2022-29843?
CVE-2022-29843 allows an attacker to execute code in the context of the root user.
How can I fix CVE-2022-29843?
To fix CVE-2022-29843, update the firmware of your Western Digital My Cloud OS 5 device to version 5.26.119 or above.
Where can I find more information about CVE-2022-29843?
You can find more information about CVE-2022-29843 on the Western Digital support website.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/westerndigital
- canonical/westerndigital my cloud pr2100 firmware
- canonical/westerndigital my cloud pr2100
- canonical/westerndigital my cloud pr4100 firmware
- canonical/westerndigital my cloud pr4100
- canonical/westerndigital my cloud ex4100 firmware
- canonical/westerndigital my cloud ex4100
- canonical/westerndigital my cloud ex2 ultra firmware
- canonical/westerndigital my cloud ex2 ultra
- canonical/westerndigital my cloud mirror g2 firmware
- canonical/westerndigital my cloud mirror g2
- canonical/westerndigital my cloud dl2100 firmware
- canonical/westerndigital my cloud dl2100
- canonical/westerndigital my cloud dl4100 firmware
- canonical/westerndigital my cloud dl4100
- canonical/westerndigital my cloud ex2100 firmware
- canonical/westerndigital my cloud ex2100