CVE-2022-29844

moderate-risk
Published 2023-01-26

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Do I need to act?

!
58.4% chance of exploitation in next 30 days
EPSS score — higher than 42% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / HIGH complexity

Affected Products (8)

My Cloud Pr2100 Firmware
My Cloud Ex4100 Firmware
My Cloud Ex2 Ultra Firmware
My Cloud Mirror G2 Firmware
My Cloud Dl2100 Firmware
My Cloud Dl4100 Firmware
My Cloud Ex2100 Firmware

Affected Vendors

Westerndigital

References (2)

Vendor Advisory https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud...
Vendor Advisory https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud...
49
/ 100
moderate-risk
Severity 17/34 · Moderate
Exploitability 18/34 · Moderate
Exposure 14/34 · Moderate