CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-29842 – Command Injection Vulnerability in Western Digital My Cloud devices
https://notcve.org/view.php?id=CVE-2022-29842
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the account_mgr cgi script. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36226
https://notcve.org/view.php?id=CVE-2021-36226
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36224
https://notcve.org/view.php?id=CVE-2021-36224
Western Digital My Cloud devices before OS5 have a nobody account with a blank password. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2021-36225
https://notcve.org/view.php?id=CVE-2021-36225
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/weekend_destroyer/weekend_destroyer.md https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users https://www.youtube.com/watch?v=vsg9YgvGBec • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2022-29839 – Remote Backups Application Discloses Stored Credentials
https://notcve.org/view.php?id=CVE-2022-29839
Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. Vulnerabilidad de credenciales insuficientemente protegidas en la aplicación de copias de seguridad remotas en dispositivos Western Digital My Cloud que podría permitir que un atacante que haya obtenido acceso a un endpoint relevante use esa información para acceder a datos protegidos. Este problema afecta: Versiones de Western Digital My Cloud My Cloud anteriores a la 5.25.124 en Linux. • https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124 • CWE-522: Insufficiently Protected Credentials •