PT-2022-15760 · Western Digital · Western Digital My Cloud
S_N_T
+1
·
Published
2022-01-13
·
Updated
2023-07-11
·
CVE-2022-22990
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud (affected versions not specified)
Description
A limited authentication bypass issue was discovered, allowing an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. The issue was addressed by changing access token validation logic and rewriting rule logic on PHP scripts.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Western Digital My Cloud