PT-2024-6527 · Western Digital · Western Digital My Cloud

Noam Moshe · Published 2024-08-02 · Updated 2024-10-09 · CVE-2024-22170

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 5.29.102
Description: The issue is an improper restriction of operations within the bounds of a memory buffer in ddns-start in Western Digital My Cloud on Linux, which allows a buffer overflow. This can enable attackers to execute arbitrary code. The vulnerability is associated with the Dynamic DNS client and can be exploited by remote attackers.
Recommendations: For versions prior to 5.29.102, update to version 5.29.102 to resolve the issue. As a temporary workaround, consider restricting access to the Dynamic DNS client to minimize the risk of exploitation. Avoid using the affected ddns-start service until the issue is resolved.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-07669
CVE-2024-22170
ZDI-24-1294

Affected Products

Western Digital My Cloud