Vulnerability Description
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Os | < 5.25.124 |
| Westerndigital | My Cloud | - |
| Westerndigital | My Cloud Dl2100 | - |
| Westerndigital | My Cloud Dl4100 | - |
| Westerndigital | My Cloud Ex2 Ultra | - |
| Westerndigital | My Cloud Ex2100 | - |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Mirror G2 | - |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 | - |
| Westerndigital | Wd Cloud | - |
Related Weaknesses (CWE)
References
- https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmwVendor Advisory
- https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmwVendor Advisory
FAQ
What is CVE-2022-29838?
CVE-2022-29838 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a devic...
How severe is CVE-2022-29838?
CVE-2022-29838 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29838?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Os, Westerndigital My Cloud, Westerndigital My Cloud Dl2100, Westerndigital My Cloud Dl4100, Westerndigital My Cloud Ex2 Ultra.