CVE-2022-22995
CRITICALWestern Digital My Cloud Firmware < 5.19.117 - Arbitrary File Write via SMB and AFP Primitives
Title source: llmDescription
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
References (7)
Core 7
Core References
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/
Issue Tracking, Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-02
Mailing List vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
Scores
CVSS v3
10.0
EPSS
0.0016
EPSS Percentile
36.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Details
CWE
CWE-59
Status
published
Products (15)
fedoraproject/fedora
37
fedoraproject/fedora
38
fedoraproject/fedora
39
netatalk/netatalk
< 3.1.18
westerndigital/my_cloud_dl2100_firmware
< 5.19.117
westerndigital/my_cloud_dl4100_firmware
< 5.19.117
westerndigital/my_cloud_ex2100_firmware
< 5.19.117
westerndigital/my_cloud_ex2_ultra_firmware
< 5.19.117
westerndigital/my_cloud_ex4100_firmware
< 5.19.117
westerndigital/my_cloud_firmware
< 5.19.117
... and 5 more
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026