Security Advisory

CVE-2022-22994

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-28 19:35:05

Last updated 2024-08-03 03:28:42

Assigner WDC PSIRT

State PUBLISHED

Description

A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.

← Browse all CVEs View on cve.org ↗