First published: Wed Jan 25 2023(Updated: )
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Pr2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Pr4100 | ||
Westerndigital My Cloud Ex4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Ex2 Ultra Firmware | <5.26.119 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Mirror G2 Firmware | <5.26.119 | |
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Dl2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 Firmware | <5.26.119 | |
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2100 Firmware | <5.26.119 | |
Westerndigital My Cloud Ex2100 |
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29844 is a vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119.
CVE-2022-29844 allows an attacker to read and write arbitrary files, potentially leading to a full NAS compromise and remote execution capabilities.
CVE-2022-29844 has a severity rating of 9.8 (Critical).
CVE-2022-29844 affects Western Digital My Cloud PR2100, PR4100, EX4100, EX2 Ultra, Mirror G2, DL2100, DL4100, and Ex2100 devices with firmware versions prior to 5.26.119.
To fix CVE-2022-29844, update the firmware of your Western Digital My Cloud OS 5 device to version 5.26.119 or later. It is recommended to regularly check for firmware updates and apply them promptly to ensure security.