CVE-2022-22992
Severity: HIGH
Western Digital My Cloud OS < 5.19.117 - Remote Code Execution via Improper Shell Argument Escaping
Title source: llm
Description
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117
Scores
CVSS v3: 7.8
EPSS: 0.0222
EPSS Percentile: 80.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Details
CWE: CWE-116
Status: published
Products (1): westerndigital/my_cloud_os < 5.19.117
Published: Jan 28, 2022
Tracked Since: Feb 18, 2026