Vulnerabilities > CVE-2022-29840 - Server-Side Request Forgery (SSRF) vulnerability in Westerndigital MY Cloud OS

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
westerndigital
CWE-918
NVD
Published: 2023-05-10
Updated: 2023-05-22

Summary

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

Vulnerable Configurations

Part Description Count
OS
Westerndigital
18
Hardware
Westerndigital
10

Common Weakness Enumeration (CWE)

References