CVE-2022-29838
published 2022-12-09CVE-2022-29838: Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the…
PriorityP419medium4.6CVSS 3.1
AVPACLPRNUINSUCHINAN
EPSS
0.26%
17.7th percentile
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| western_digital | my_cloud | >= My Cloud < 5.25.124 | 5.25.124 |
| westerndigital | my_cloud_os | < 5.25.124 | 5.25.124 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Western Digital My Cloud up to 5.10.122 on Linux Encrypted Pages improper authentication (EUVD-2022-34156)
vuldb·2026-05-23·CVSS 4.6
CVE-2022-29838 [MEDIUM] Western Digital My Cloud up to 5.10.122 on Linux Encrypted Pages improper authentication (EUVD-2022-34156)
A vulnerability categorized as critical has been discovered in Western Digital My Cloud on Linux. This issue affects some unknown processing of the component Encrypted Pages Handler. Executing a manipulation can lead to improper authentication.
This vulnerability is registered as CVE-2022-29838. The physical device can be targeted for the attack. No exploit is available.
It is advisable to upgrade the affected component.
GHSA
GHSA-cqwg-qq7j-c4fr: Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct acce
ghsa_unreviewed·2022-12-09
CVE-2022-29838 [MEDIUM] CWE-287 GHSA-cqwg-qq7j-c4fr: Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct acce
Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-09
Published