CVE-2022-29844: Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
First published: Wed Jan 25 2023(Updated: )
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Credit: psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| westerndigital My Cloud pr2100 firmware | <5.26.119 | |
| westerndigital My Cloud pr2100 | ||
| westerndigital My Cloud pr4100 firmware | <5.26.119 | |
| westerndigital My Cloud pr4100 | ||
| westerndigital My Cloud ex4100 firmware | <5.26.119 | |
| westerndigital My Cloud ex4100 | ||
| westerndigital My Cloud ex2 ultra firmware | <5.26.119 | |
| westerndigital My Cloud ex2 ultra | ||
| Western Digital My Cloud Mirror Gen 2 Firmware | <5.26.119 | |
| Western Digital My Cloud Mirror Gen 2 | ||
| westerndigital My Cloud dl2100 firmware | <5.26.119 | |
| westerndigital My Cloud dl2100 | ||
| westerndigital My Cloud dl4100 firmware | <5.26.119 | |
| westerndigital My Cloud dl4100 | ||
| westerndigital My Cloud ex2100 firmware | <5.26.119 | |
| westerndigital My Cloud ex2100 |
Remedy
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-29844?
CVE-2022-29844 is a vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119.
How does CVE-2022-29844 impact Western Digital My Cloud OS 5 devices?
CVE-2022-29844 allows an attacker to read and write arbitrary files, potentially leading to a full NAS compromise and remote execution capabilities.
What is the severity of CVE-2022-29844?
CVE-2022-29844 has a severity rating of 9.8 (Critical).
Which Western Digital My Cloud devices are affected by CVE-2022-29844?
CVE-2022-29844 affects Western Digital My Cloud PR2100, PR4100, EX4100, EX2 Ultra, Mirror G2, DL2100, DL4100, and Ex2100 devices with firmware versions prior to 5.26.119.
How can I fix CVE-2022-29844?
To fix CVE-2022-29844, update the firmware of your Western Digital My Cloud OS 5 device to version 5.26.119 or later. It is recommended to regularly check for firmware updates and apply them promptly to ensure security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/westerndigital
- canonical/westerndigital my cloud pr2100 firmware
- canonical/westerndigital my cloud pr2100
- canonical/westerndigital my cloud pr4100 firmware
- canonical/westerndigital my cloud pr4100
- canonical/westerndigital my cloud ex4100 firmware
- canonical/westerndigital my cloud ex4100
- canonical/westerndigital my cloud ex2 ultra firmware
- canonical/westerndigital my cloud ex2 ultra
- canonical/western digital my cloud mirror gen 2 firmware
- canonical/western digital my cloud mirror gen 2
- canonical/westerndigital my cloud dl2100 firmware
- canonical/westerndigital my cloud dl2100
- canonical/westerndigital my cloud dl4100 firmware
- canonical/westerndigital my cloud dl4100
- canonical/westerndigital my cloud ex2100 firmware
- canonical/westerndigital my cloud ex2100