CVE-2022-22995

Summary

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Western DigitalMy CloudMy Cloud OS 5 < 5.19.117affected
Western DigitalMy Cloud HomeMy Cloud Home < 7.16-220affected

Weaknesses

  • CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References