CVE-2022-29844

Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp

Description

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Remediation

Solution:

  • Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

Categories

6.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 50.97% Top 5%
Vendor Advisory westerndigital.com
Affected: Western Digital My Cloud
Published at:
Updated at:

References

Link Tags
https://www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-29844?
CVE-2022-29844 has been scored as a medium severity vulnerability.
How to fix CVE-2022-29844?
To fix CVE-2022-29844: Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Is CVE-2022-29844 being actively exploited in the wild?
It is possible that CVE-2022-29844 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~51% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-29844?
CVE-2022-29844 affects Western Digital My Cloud.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.