CVE-2022-29844 MEDIUM

CVE-2022-29844: Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via FTP

Vendor: Western Digital
Product: My Cloud
Weakness: CWE-23
Published: January 25, 2023
Last update: April 4, 2025

CVSS base score

6.7/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Key dates

02 Disclosure timeline

January 25, 2023: CVE published
April 4, 2025: Record updated