CVE-2022-22997
MEDIUMWestern Digital My Cloud Home Duo and My Cloud Home Firmware < 8.5.1-102 - Remote Code Execution via Command Injection
Title source: llmDescription
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107
Scores
CVSS v3
6.8
EPSS
0.0137
EPSS Percentile
68.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-78
Status
published
Products (2)
westerndigital/my_cloud_home_duo_firmware
< 8.5.1-102
westerndigital/my_cloud_home_firmware
< 8.5.1-102
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026