Headline
CVE-2022-29840: Product Security | Western Digital
A Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202.
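A defensive check for the class of issue described above, as an added example that is not Western Digital's code or its fix: every URL a device is about to fetch, including any URL the remote server supplies after first contact, is refused when its host is or resolves to a loopback address. The function names, the resolver stub and the sample hostnames are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample data: a stand-in for DNS so the example runs offline.
CONSTRUCTED_DNS = {
    "nas-peer.example": ["192.168.1.50"],   # ordinary host on the local network
    "rebind.example": ["127.0.0.1"],        # name that resolves to loopback
}

def resolve(host):
    return CONSTRUCTED_DNS.get(host, [])

def host_addresses(host, resolver):
    """Return every IP address a client could connect to for this host."""
    try:
        return [ipaddress.ip_address(host)]            # dotted quad or IPv6 literal
    except ValueError:
        pass
    try:
        # Legacy IPv4 spellings (2130706433, 127.1) that many clients accept.
        return [ipaddress.ip_address(socket.inet_aton(host))]
    except OSError:
        pass
    return [ipaddress.ip_address(a) for a in resolver(host)]

def is_forbidden_target(url, resolver=resolve):
    """True when the URL must not be fetched on the device's behalf."""
    host = urlsplit(url).hostname
    if host is None:
        return True                                    # no network host at all
    addrs = host_addresses(host, resolver)
    if not addrs:
        return True                                    # unresolvable: refuse
    for ip in addrs:
        ip = getattr(ip, "ipv4_mapped", None) or ip    # unwrap ::ffff:a.b.c.d
        if ip.is_loopback or ip.is_unspecified:        # 127/8, ::1, 0.0.0.0, ::
            return True
    return False

def first_forbidden(urls, resolver=resolve):
    """Check the initial URL and each URL the remote server supplies later."""
    return next((u for u in urls if is_forbidden_target(u, resolver)), None)

# Constructed chain: a permitted first URL, then a server-supplied loopback URL.
CHAIN = ["http://nas-peer.example/a", "http://127.0.0.1:8080/b"]

if __name__ == "__main__":
    print("blocked:", first_forbidden(CHAIN))
```

In a real client, connect to the address that was validated rather than resolving the name a second time.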
Report a Security Issue
To report a security issue you believe you have found in a Western Digital product or service, please email the details of your findings to [email protected]. Messages sent to any other email addresses may result in a delayed response.
When possible, please include the following:
- The specific product(s) or service(s) affected, including any relevant version numbers;
- Details about the impact of the issue;
- Any information that can help reproduce or diagnose the issue, including a Proof of Concept (PoC) if available; and
- Whether you believe the vulnerability is already publicly disclosed or known to third parties.
Please use our PGP/GPG key to encrypt the information before sending it.
Vulnerability Disclosure Program
Western Digital follows a coordinated vulnerability disclosure process. For more information on the scope of our vulnerability disclosure program and what you can expect when working with Western Digital, see our Vulnerability Disclosure Policy.
Western Digital Vulnerability Disclosure Policy