CVE-2022-29838 MEDIUM

CVE-2022-29838: Authentication issue with the encrypted volumes and auto mount feature in My Cloud devices

Vendor Western Digital
Product My Cloud
Weakness CWE-287 · Improper authentication
Published December 9, 2022
Last update April 23, 2025

CVSS base score

4.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Key dates

02Disclosure timeline

December 9, 2022 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE