CVE-2023-22816: Limited Post-Authentication Remote Command Injection in My Cloud Products
First published: Fri Jun 30 2023(Updated: )
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.
Credit: psirt@wdc.com psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital My Cloud Os | <5.26.300 | |
| Westerndigital My Cloud | ||
| Westerndigital My Cloud Dl2100 | ||
| Westerndigital My Cloud Dl4100 | ||
| Westerndigital My Cloud Ex2 Ultra | ||
| Westerndigital My Cloud Ex2100 | ||
| Westerndigital My Cloud Ex4100 | ||
| Westerndigital My Cloud Mirror G2 | ||
| Westerndigital My Cloud Pr2100 | ||
| Westerndigital My Cloud Pr4100 | ||
| Westerndigital Wd Cloud | ||
| All of | ||
| Any of | ||
| Westerndigital My Cloud | ||
| Westerndigital My Cloud Dl2100 | ||
| Westerndigital My Cloud Dl4100 | ||
| Westerndigital My Cloud Ex2 Ultra | ||
| Westerndigital My Cloud Ex2100 | ||
| Westerndigital My Cloud Ex4100 | ||
| Westerndigital My Cloud Mirror G2 | ||
| Westerndigital My Cloud Pr2100 | ||
| Westerndigital My Cloud Pr4100 | ||
| Westerndigital Wd Cloud | ||
| Westerndigital My Cloud Os | <5.26.300 |
Remedy
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22816?
CVE-2023-22816 is a post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads.
Which devices are affected by CVE-2023-22816?
This vulnerability affects Western Digital My Cloud OS 5 devices before version 5.26.300.
What is the severity level of CVE-2023-22816?
CVE-2023-22816 has a severity level of 8.8 (high).
How can I fix CVE-2023-22816?
To fix CVE-2023-22816, you should update your Western Digital My Cloud OS 5 device to version 5.26.300 or later.
Where can I find more information about CVE-2023-22816?
You can find more information about CVE-2023-22816 on the Western Digital support website at https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300.
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/title
- agent/last-modified-date
- agent/author
- agent/severity
- agent/softwarecombine
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/westerndigital
- canonical/westerndigital my cloud os
- canonical/westerndigital my cloud
- canonical/westerndigital my cloud dl2100
- canonical/westerndigital my cloud dl4100
- canonical/westerndigital my cloud ex2 ultra
- canonical/westerndigital my cloud ex2100
- canonical/westerndigital my cloud ex4100
- canonical/westerndigital my cloud mirror g2
- canonical/westerndigital my cloud pr2100
- canonical/westerndigital my cloud pr4100
- canonical/westerndigital wd cloud