PT-2022-15762 · Western Digital · Western Digital My Cloud
Published
2022-01-17
·
Updated
2023-07-12
·
CVE-2022-22992
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud Devices (affected versions not specified)
Description
A command injection remote code execution issue was discovered that could allow an attacker to execute arbitrary system commands on the device. The issue was addressed by escaping individual arguments to shell functions coming from user input.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Encoding or Escaping of Output
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Western Digital My Cloud