CVE-2022-22989
CRITICALWestern Digital My Cloud OS < 5.19.117 - Unauthenticated Stack-based Buffer Overflow in FTP Service
Title source: llmDescription
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (1)
westerndigital/my_cloud_os
< 5.19.117
Published
Jan 13, 2022
Tracked Since
Feb 18, 2026