CVE-2022-29841
OS Command Injection vulnerability in Western Digital My Cloud devices
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the do_reboot binary. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
*Credits:
Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro’s Zero Day Initiative
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-27 CVE Reserved
- 2023-05-10 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Search vendor "Westerndigital" for product "My Cloud" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl2100 Search vendor "Westerndigital" for product "My Cloud Dl2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl4100 Search vendor "Westerndigital" for product "My Cloud Dl4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2 Ultra Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2100 Search vendor "Westerndigital" for product "My Cloud Ex2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex4100 Search vendor "Westerndigital" for product "My Cloud Ex4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Mirror G2 Search vendor "Westerndigital" for product "My Cloud Mirror G2" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr2100 Search vendor "Westerndigital" for product "My Cloud Pr2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr4100 Search vendor "Westerndigital" for product "My Cloud Pr4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os" | >= 5.02.104 < 5.26.119 Search vendor "Westerndigital" for product "My Cloud Os" and version " >= 5.02.104 < 5.26.119" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | Wd Cloud Search vendor "Westerndigital" for product "Wd Cloud" | - | - |
Safe
|