CVE-2022-22992

Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices.

Published: Jan 28, 2022Updated: Nov 21, 2024 Sources: CVE List NVDCWE-116

NVD MITRE

7.8CVSSHIGH

Description

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:HAttack Complexity

High

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:NAvailability

None

Open in CVSS calculator →

Weaknesses

CWE-116

Affected Products

my cloud os westerndigital Hardware Firmware

n/a n/a

westerndigitalcommercialUSHardware Firmwareaka western digital, wd

Exploitability

Official Patch Available

References

https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

westerndigital.com

Timeline

Published

Jan 28, 2022

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-22992 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows