PT-2023-3460 · Western Digital · My Cloud OS

Arvind S Raj +1 · Published 2023-01-06 · Updated 2024-09-05 · CVE-2023-22816

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 versions prior to 5.26.300

Description: The issue stems from a lack of input sanitization at the management level in My Cloud OS, which a remote attacker can exploit to execute arbitrary commands. Specifically, it is a post-authentication remote command injection vulnerability in a CGI file that could allow an attacker to build files with redirects and execute larger payloads.

Recommendations: For My Cloud OS 5 versions prior to 5.26.300, update to version 5.26.300 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable CGI file until a patch is applied. Avoid using the vulnerable CGI file in the affected API endpoint until the issue is resolved.

Fix

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2023-03646
CVE-2023-22816

Affected Products

My Cloud OS