cbcvebase.
CVE-2022-29838
published 2022-12-09

CVE-2022-29838: Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the…

PriorityP419medium4.6CVSS 3.1
AVPACLPRNUINSUCHINAN
EPSS
0.26%
17.7th percentile
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Affected

2 ranges
VendorProductVersion rangeFixed in
western_digitalmy_cloud>= My Cloud < 5.25.1245.25.124
westerndigitalmy_cloud_os< 5.25.1245.25.124
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.