CVE-2022-29843 MEDIUM

CVE-2022-29843: Western Digital My Cloud OS 5 devices Command Injection Vulnerability

Vendor Western Digital
Product My Cloud
Weakness CWE-78
Published January 25, 2023
Last update April 4, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

Key dates

02Disclosure timeline

January 25, 2023 CVE published
April 4, 2025 Record updated