PT-2023-2419 · Western Digital · Western Digital My Cloud

Published: 2023-01-10 · Updated: 2023-04-24 · CVE-2022-29844

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Western Digital My Cloud OS versions prior to 5.26.119

Description

The vulnerability is in the FTP service of Western Digital My Cloud OS: improper limitation of a pathname to a restricted directory allows a remote attacker to read and write arbitrary files. This could lead to a full NAS compromise, giving the attacker full access to the device and the ability to execute arbitrary code.

Recommendations

For versions prior to 5.26.119, update the firmware to version 5.26.119 or later to resolve the issue. As a temporary workaround, consider disabling the FTP service until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation.

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-02204
CVE-2022-29844
ZDI-23-112

Affected Products

Western Digital My Cloud