Vulnerability Description
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Os | < 5.19.117 |
| Westerndigital | My Cloud | - |
| Westerndigital | My Cloud Dl2100 | - |
| Westerndigital | My Cloud Dl4100 | - |
| Westerndigital | My Cloud Ex2 Ultra | - |
| Westerndigital | My Cloud Ex2100 | - |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Mirror Gen 2 | - |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 | - |
| Westerndigital | Wd Cloud | - |
Related Weaknesses (CWE)
References
- https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-fVendor Advisory
- https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-fVendor Advisory
FAQ
What is CVE-2022-22992?
CVE-2022-22992 is a vulnerability with a CVSS score of 7.8 (HIGH). A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerab...
How severe is CVE-2022-22992?
CVE-2022-22992 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22992?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Os, Westerndigital My Cloud, Westerndigital My Cloud Dl2100, Westerndigital My Cloud Dl4100, Westerndigital My Cloud Ex2 Ultra.