CVE-2022-29841: RCE flaw found in Western Digital My Cloud OS
Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution and gain a reverse shell on unpatched My Cloud OS 5 devices.
Western Digital’s My Cloud is one of the most popular network-attached storage (NAS) devices that are being used by businesses and individuals to host their files, as well as backup and sync them with various cloud and web-based services.
Coolcaesar, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons
This flaw, tracked as CVE-2022-29841 was caused by a command that read files from a privileged location and created a system command without sanitizing the read data.
It can be exploited by remote threat actors in attacks targeting My Cloud devices running vulnerable firmware versions.
“Addressed a remote code execution vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell,” the data storage company explained.
The list of devices considered vulnerable to CVE-2022-29841 attacks includes:
- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX4100
- My Cloud EX2 Ultra
- My Cloud Mirror G2
- My Cloud DL2100
- My Cloud DL4100
- My Cloud EX2100
- My Cloud
- WD Cloud
This week, Western Digital fixed three more vulnerabilities in the My Cloud OS 5:
- CVE-2022-29842 – Addressed a command injection vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file.
- CVE-2022-29843 (CVSS score of 6.2) – Addressed a vulnerability in the DDNS service configuration that could allow an attacker to execute code in the context of the root user.
- CVE-2022-29844 (CVSS score of 6.7) – Addressed a memory corruption vulnerability in the FTP service that could allow an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Western Digital addressed these vulnerabilities by releasing firmware 5.26.119.
“To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification,” the company said.
