CVE-2023-22816

MEDIUM

Western Digital My Cloud OS < 5.26.300 - Authenticated Remote Command Injection via CGI File

Title source: llm

Description

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300.

References (1)

Core 1

Core References

Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300

Scores

CVSS v3 6.0

EPSS 0.0069

EPSS Percentile 47.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77 CWE-78

Status published

Products (1)

westerndigital/my_cloud_os < 5.26.300

Published Jun 30, 2023

Tracked Since Feb 18, 2026