{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:32:44.732","vulnerabilities":[{"cve":{"id":"CVE-2022-22990","sourceIdentifier":"psirt@wdc.com","published":"2022-01-13T21:15:08.917","lastModified":"2024-11-21T06:47:45.363","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts."},{"lang":"es","value":"Se ha detectado una vulnerabilidad de omisión de autenticación limitada que podría permitir a un atacante lograr una ejecución de código remota y escalar privilegios en los dispositivos My Cloud. Se ha abordado esta vulnerabilidad al cambiar la lógica de comprobación de los tokens de acceso y reescribiendo la lógica de las reglas en los scripts de PHP"}],"metrics":{"cvssMetricV31":[{"source":"psirt@wdc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:C/A:C","baseScore":8.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.5,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@wdc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-697"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19.117","matchCriteriaId":"9B585AE9-1F28-42D7-B16D-75BF1CB8A054"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*","matchCriteriaId":"3A9EE86B-05EE-4F2E-A912-624DDCF9C41B"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*","matchCriteriaId":"9E783EBC-7608-4527-B1AD-9B4E7A7A108C"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*","matchCriteriaId":"F3034F4A-239C-4E38-9BD6-217361A7C519"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*","matchCriteriaId":"5A581EBA-A1F2-4ABC-8183-29973A46FA43"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*","matchCriteriaId":"ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*","matchCriteriaId":"B78030F0-6655-4604-9D16-2FA1F3FD52FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*","matchCriteriaId":"5695E842-1561-4A4F-901F-6EC07F558989"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*","matchCriteriaId":"BF58260B-2131-402C-A9DA-67B188136DE1"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*","matchCriteriaId":"CB0C2FD9-4792-4DA2-9698-E53109A499EC"},{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*","matchCriteriaId":"8FDE0337-4329-4CE3-9B0B-61BE8361E910"}]}]}],"references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117","source":"psirt@wdc.com","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-076/","source":"psirt@wdc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-347/","source":"psirt@wdc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-076/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-347/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}