CVE-2022-22989

Published: Jan 13, 2022Modified: Feb 24, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.

Affected (1)

Products: Westerndigital: My Cloud Os

Westerndigital

1 product

My Cloud Os

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Westerndigital My Cloud Os	Before 5.19.117

Running on/with	Platform Versions
Westerndigital My Cloud	All versions
Westerndigital My Cloud Dl2100	All versions
Westerndigital My Cloud Dl4100	All versions
Westerndigital My Cloud Ex2100	All versions
Westerndigital My Cloud Ex2 Ultra	All versions
Westerndigital My Cloud Ex4100	All versions
Westerndigital My Cloud Mirror Gen 2	All versions
Westerndigital My Cloud Pr2100	All versions
Westerndigital My Cloud Pr4100	All versions
Westerndigital Wd Cloud	All versions

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

Source: psirt@wdc.com

Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.