Root-level command injection vulnerability in Western Digital My Cloud OS 5 devices

Root-level command injection vulnerability in Western Digital My Cloud OS 5 devices

CVE-2022-29843 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

Learn more about our Cloud Audit.