{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-22995","assignerOrgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","assignerShortName":"WDC PSIRT","dateUpdated":"2025-11-03T21:45:48.606Z","dateReserved":"2022-01-10T00:00:00.000Z","datePublished":"2022-03-25T00:00:00.000Z"},"containers":{"cna":{"title":"Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk","providerMetadata":{"orgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","shortName":"WDC PSIRT","dateUpdated":"2024-01-04T22:06:13.592Z"},"descriptions":[{"lang":"en","value":"The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code."}],"affected":[{"vendor":"Western Digital","product":"My Cloud","versions":[{"version":"My Cloud OS 5","status":"affected","lessThan":" 5.19.117","versionType":"custom"}],"platforms":["Linux"]},{"vendor":"Western Digital","product":"My Cloud Home","versions":[{"version":"My Cloud Home","status":"affected","lessThan":" 7.16-220","versionType":"custom"}],"platforms":["Android 
"]}],"references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"},{"name":"FEDORA-2023-cec97f7b5d","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"},{"name":"FEDORA-2023-ef901c862c","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"},{"name":"GLSA-202311-02","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202311-02"},{"name":"FEDORA-2023-39f0ec3879","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"},{"name":"[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"}],"credits":[{"lang":"en","value":"Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro’s Zero Day Initiative"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW","baseScore":10,"baseSeverity":"CRITICAL"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-59 Improper Link Resolution Before File Access ('Link Following')","cweId":"CWE-59"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"EXTERNAL"},"solutions":[{"lang":"en","value":"To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware 
update notification."}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities","tags":["x_transferred"]},{"name":"FEDORA-2023-cec97f7b5d","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"},{"name":"FEDORA-2023-ef901c862c","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"},{"name":"GLSA-202311-02","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202311-02"},{"name":"FEDORA-2023-39f0ec3879","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"},{"name":"[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:45:48.606Z"}}]}}