CVE-2022-22994

Sažetak

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.

Reference

https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117
https://www.zerodayinitiative.com/advisories/ZDI-22-349/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-03-2022 - 16:37

Objavljeno

28-01-2022 - 20:15