Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Westerndigital
  • My Cloud Dl2100 Firmware
  • My Cloud Dl4100 Firmware
  • My Cloud Ex2100 Firmware
  • My Cloud Ex2 Ultra Firmware
  • My Cloud Ex4100 Firmware
  • My Cloud Firmware
  • My Cloud Mirror G2 Firmware
  • My Cloud Pr2100 Firmware
  • My Cloud Pr4100 Firmware
  • Wd Cloud Firmware

No data.

No data.

References
Link Providers
https://www.westerndigital.com/support/product-security/wdc-24005-western-digital-my-cloud-os-5-firmware-5-29-102 cve-icon cve-icon
History

Fri, 27 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Westerndigital
Westerndigital my Cloud Dl2100 Firmware
Westerndigital my Cloud Dl4100 Firmware
Westerndigital my Cloud Ex2100 Firmware
Westerndigital my Cloud Ex2 Ultra Firmware
Westerndigital my Cloud Ex4100 Firmware
Westerndigital my Cloud Firmware
Westerndigital my Cloud Mirror G2 Firmware
Westerndigital my Cloud Pr2100 Firmware
Westerndigital my Cloud Pr4100 Firmware
Westerndigital wd Cloud Firmware
CPEs cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*
Vendors & Products Westerndigital
Westerndigital my Cloud Dl2100 Firmware
Westerndigital my Cloud Dl4100 Firmware
Westerndigital my Cloud Ex2100 Firmware
Westerndigital my Cloud Ex2 Ultra Firmware
Westerndigital my Cloud Ex4100 Firmware
Westerndigital my Cloud Firmware
Westerndigital my Cloud Mirror G2 Firmware
Westerndigital my Cloud Pr2100 Firmware
Westerndigital my Cloud Pr4100 Firmware
Westerndigital wd Cloud Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
Description Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102.
Title Unchecked buffer in Dynamic DNS client
Weaknesses CWE-119
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2024-09-27T17:06:39.555Z

Updated: 2024-09-27T18:36:19.698Z

Reserved: 2024-01-05T18:43:18.488Z

Link: CVE-2024-22170

cve-icon Vulnrichment

Updated: 2024-09-27T18:36:00.403Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-27T17:15:12.143

Modified: 2024-09-30T12:45:57.823

Link: CVE-2024-22170

cve-icon Redhat

No data.