CVE-2022-29838

MEDIUM

Western Digital My Cloud OS < 5.25.124 - Improper Authentication in Encrypted Volumes and Auto Mount Features

Title source: llm

Description

Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

References (1)

Core 1

Core References

Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 17.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-287

Status published

Products (1)

westerndigital/my_cloud_os < 5.25.124

Published Dec 09, 2022

Tracked Since Feb 18, 2026