A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WDC PSIRT
Published: 2022-01-13T20:27:25
Updated: 2024-08-03T03:28:42.988Z
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22991
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-13T21:15:08.980
Modified: 2022-01-21T16:33:52.383
Link: CVE-2022-22991
Redhat
No data.