Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-29844: Relative Path Traversal in Digital MY Cloud

Severity
9.8 CRITICAL (NVD)
EPSS
58.4%
top 1.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 26
Latest update: Apr 20

Description

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

🔴Vulnerability Details

1
GHSA
GHSA-6r45-66xq-p89w: A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5 (2023-01-26)

💥Exploits & PoCs

1
Nuclei
WD My Cloud Panel - Detect

🕵️Threat Intelligence

3
Trendmicro
CVE-2022-29844: Classic Buffer Overflow on My Cloud Pro Series PR4100 (2023-04-20)
Trendmicro
CVE-2022-29844: Classic Buffer Overflow on My Cloud Pro Series PR4100 (2023-04-20)
Trendmicro
CVE-2022-29844: Classic Buffer Overflow on My Cloud Pro Series PR4100 (2023-04-20)