PT-2023-3269 · Western Digital · Western Digital My Cloud OS 5
Noam Moshe +3 · Published 2023-01-10 · Updated 2023-06-08 · CVE-2022-29841
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud OS 5 versions prior to 5.26.119
Description
The issue is caused by a command that reads files from a privileged location and builds a system command from the data it read without sanitizing it, leading to an OS Command Injection vulnerability. An attacker can trigger this vulnerability remotely to execute code and gain a reverse shell on Western Digital My Cloud OS 5 devices.
Recommendations
For Western Digital My Cloud OS 5 versions prior to 5.26.119, update to version 5.26.119 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable command to minimize the risk of exploitation.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Western Digital My Cloud OS 5