Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
CVE-2022-29844

6.7MEDIUM

Key Information:

Vendor: Western Digital
Status: My Cloud
Vendor: CVE Published:; 26 January 2023

🔔 Create Western Digital Vulnerability Alert

What is CVE-2022-29844?

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

My Cloud Linux My Cloud OS 5 < 5.26.119

References

https://www.westerndigital.com/en-in/support/product-secu...

EPSS Score

58% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Apr 27, 2022

Credit

Luca MORO (@johncool__) - moro.luca@gmail.comworking with Trend Micro Zero Day Initiative

JSON

Western Digital

What is CVE-2022-29844?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.