CVE-2022-22992
Summary
| CVE | CVE-2022-22992 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-28 20:15:00 UTC |
| Updated | 2023-07-11 20:21:00 UTC |
| Description | A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input. |
Risk And Classification
Problem Types: CWE-116
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Westerndigital | My Cloud | - | All | All | All |
| Hardware | Westerndigital | My Cloud Dl2100 | - | All | All | All |
| Hardware | Westerndigital | My Cloud Dl4100 | - | All | All | All |
| Hardware | Westerndigital | My Cloud Ex2100 | - | All | All | All |
| Hardware | Westerndigital | My Cloud Ex2 Ultra | - | All | All | All |
| Hardware | Westerndigital | My Cloud Ex4100 | - | All | All | All |
| Hardware | Westerndigital | My Cloud Mirror Gen 2 | - | All | All | All |
| Operating System | Westerndigital | My Cloud Os | All | All | All | All |
| Hardware | Westerndigital | My Cloud Pr2100 | - | All | All | All |
| Hardware | Westerndigital | My Cloud Pr4100 | - | All | All | All |
| Hardware | Westerndigital | Wd Cloud | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WDC-22002 My Cloud OS 5 Firmware 5.19.117 | Western Digital | MISC | www.westerndigital.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Reported By: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro’s Zero Day Initiative
There are currently no legacy QID mappings associated with this CVE.