CVE-2022-22991

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*

Information

Published : 2022-01-13 13:15

Updated : 2022-01-21 08:33


NVD link : CVE-2022-22991

Mitre link : CVE-2022-22991


JSON object : View

CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

dedicated server usa

Products Affected

westerndigital

  • my_cloud_dl4100
  • wd_cloud
  • my_cloud_pr2100
  • my_cloud_ex2100
  • my_cloud_os
  • my_cloud
  • my_cloud_ex4100
  • my_cloud_mirror_gen_2
  • my_cloud_pr4100
  • my_cloud_ex2_ultra
  • my_cloud_dl2100