CVE-2022-29843 - Westerndigital My Cloud Pr2100 Firmware, Westerndigital My Cloud Pr4100 Firmware and Westerndigital My Cloud Dl2100 Firmware

January 26, 2023

Critical 9.8

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

Affected software

Westerndigital My Cloud Pr2100 Firmware

Westerndigital My Cloud Pr4100 Firmware

Westerndigital My Cloud Dl2100 Firmware

Westerndigital My Cloud Ex2100 Firmware

Westerndigital My Cloud Dl4100 Firmware

Westerndigital My Cloud Ex4100 Firmware

Westerndigital My Cloud Ex2 Ultra Firmware

Westerndigital My Cloud Mirror G2 Firmware

Reference links

https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119

CVE-2022-29843 - Westerndigital My Cloud Pr2100 Firmware, Westerndigital My Cloud Pr4100 Firmware and Westerndigital My Cloud Dl2100 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software