CVE-2022-29844

CRITICAL Year: 2022
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-23
View all →

Vulnerability Description

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

Related Vulnerabilities

CVE-2017-9664

CRITICAL
CVSS:9.8(Critical)

In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, and SREA-50 revision A: application versions up to 3.32.8, an attacker may access internal files of ABB SREA-01 and SREA-50 legacy ...

CWE-232017

CVE-2019-17640

CRITICAL
CVSS:9.8(Critical)

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctl...

CWE-232019

CVE-2020-10631

CRITICAL
CVSS:9.8(Critical)

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-12006

CRITICAL
CVSS:9.8(Critical)

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’...

CWE-232020

CVE-2020-25172

CRITICAL
CVSS:9.8(Critical)

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files.

CWE-232020

CVE-2020-25176

CRITICAL
CVSS:9.8(Critical)

Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the...

CWE-232020