Western Digital My Cloud OS 5 Firmware 5.29.102
WDC Tracking Number: WDC-24005
Product Line/Web: My Cloud OS 5
Published: September 26, 2024
Last Updated: August 2, 2024
Description
A vulnerability was addressed in My Cloud firmware which could allow an attacker to execute arbitrary code due to an unchecked buffer in the Dynamic DNS client.
My Cloud OS 5 Firmware 5.29.102 includes updates to help improve the security of your My Cloud OS 5 devices.
Advisory Summary
We addressed a previously unchecked buffer vulnerability in the Dynamic DNS client in My Cloud device firmware versions prior to 5.29.102 allows an attacker to potentially execute arbitrary code. A Man-in-the-Middle attack could be used to intercept a Dynamic DNS update request and respond with a payload that overflows the buffer.
CVE Number: CVE-2024-22170
Western Digital would like to thank Claroty Research - Team82 - Noam Moshe working with Trend Micro Zero Day Initiative