SSRF in Western Digital My Cloud
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-29840 |
| CWE-ID | CWE-918 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
My Cloud PR2100 Hardware solutions / Other hardware appliances My Cloud PR4100 Hardware solutions / Other hardware appliances My Cloud EX4100 Hardware solutions / Other hardware appliances My Cloud EX2 Ultra Hardware solutions / Other hardware appliances My Cloud Mirror G2 Hardware solutions / Other hardware appliances My Cloud DL2100 Hardware solutions / Other hardware appliances My Cloud DL4100 Hardware solutions / Other hardware appliances My Cloud EX2100 Hardware solutions / Other hardware appliances WD Cloud Hardware solutions / Other hardware appliances My Cloud Hardware solutions / Office equipment, IP-phones, print servers My Cloud Home Client/Desktop applications / Other client software My Cloud Home Duo Client/Desktop applications / Other client software SanDisk ibi Client/Desktop applications / Other client software |
| Vendor | Western Digital |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU70656
Risk: High
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-29840
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input within the RESTSDK server. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMy Cloud PR2100: before 5.25.132
My Cloud PR4100: before 5.25.132
My Cloud EX4100: before 5.25.132
My Cloud EX2 Ultra: before 5.25.132
My Cloud Mirror G2: before 5.25.132
My Cloud DL2100: before 5.25.132
My Cloud DL4100: before 5.25.132
My Cloud EX2100: before 5.25.132
My Cloud: before 5.25.132
WD Cloud: before 5.25.132
My Cloud Home: before 8.13.1-102
My Cloud Home Duo: before 8.13.1-102
SanDisk ibi: before 8.13.1-102
CPE2.3- cpe:2.3:h:western_digital:my_cloud_pr2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_pr4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_ex4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_ex2_ultra:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_mirror_g2:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_dl2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_dl4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud_ex2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:my_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:h:western_digital:wd_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:a:western_digital:my_cloud_home:*:*:*:*:*:*:*:*
- cpe:2.3:a:western_digital:my_cloud_home_duo:*:*:*:*:*:*:*:*
- cpe:2.3:a:western_digital:sandisk_ibi:*:*:*:*:*:*:*:*
https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update
https://www.zerodayinitiative.com/advisories/ZDI-23-850/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
