CVE-2022-29840

MEDIUM

Western Digital My Cloud OS 5.02.104-5.26.201 - Server-Side Request Forgery via Loopback URL Modification

Title source: llm

Description

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

Scores

CVSS v3 5.1

EPSS 0.0014

EPSS Percentile 3.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

westerndigital/my_cloud_os 5.02.104 - 5.26.202

Published May 10, 2023

Tracked Since Feb 18, 2026