← Back to CVEs
CVE-2022-22997
MEDIUM6.8
Description
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorADJACENT_NETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published7/12/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
linux:linux_kernelwesterndigital:my_cloud_homewesterndigital:my_cloud_home_duowesterndigital:my_cloud_home_duo_firmwarewesterndigital:my_cloud_home_firmware
Weaknesses (CWE)
CWE-78CWE-78
References
https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107(psirt@wdc.com)
https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.