{"vulnerability": "CVE-2022-2984", "sightings": [{"uuid": "26cd76e4-8743-4df1-94c1-cab8a28a87ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29847", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "dee3b4bd-f97a-4886-a427-4fdda829ef14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29845", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:45.000000Z"}, {"uuid": "fc5be2b4-5545-4ce6-9639-1461bd8e5a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29845", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "6c02b39e-95d9-445f-beed-e964a3099a9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29846", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "49bef2c6-3f19-41c1-9506-4e8338345656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29848", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "002055b2-5cf3-4eb4-b84d-1c3dfc84c923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29845", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb", "content": "", "creation_timestamp": "2023-03-17T21:59:16.000000Z"}, {"uuid": "26b68d61-b1d7-497b-a1fd-3ee70a373157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29846", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:45.000000Z"}, {"uuid": "e7f9cf94-8e7c-425e-87c6-e12b125b217f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29848", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:45.000000Z"}, {"uuid": "8a7c8ae5-085a-4acb-8078-976c1d9e6a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29847", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:45.000000Z"}, {"uuid": "7b3415c9-a4d0-4585-a26e-6b6a8a1641a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29847", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "084837b6-0ce2-418b-ad0e-f3340f7d5d51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29846", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb", "content": "", "creation_timestamp": "2023-03-17T21:59:16.000000Z"}, {"uuid": "7552e100-bb68-40df-8a4b-8c54f7d5005b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29845", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "2f02c2ba-ac96-4f7d-b85c-7e80461d4991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29846", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "9007adfd-2e92-46d0-8bf3-bb6c8f50972d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29848", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "d03a7d82-671c-483d-9db4-0dd0e702ceb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29848", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb", "content": "", "creation_timestamp": "2023-03-17T21:59:16.000000Z"}, {"uuid": "f0407c37-1c96-458d-859c-c3a3c626e02d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29847", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/credentials/whatsupgold_credential_dump.rb", "content": "", "creation_timestamp": "2023-03-17T21:59:16.000000Z"}, {"uuid": "7a2c8306-4444-404e-b155-0699961fd2ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29842", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3016", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-29842\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.\n\n\n\ud83d\udccf Published: 2023-05-10T20:53:19.844Z\n\ud83d\udccf Modified: 2025-01-24T21:00:19.549Z\n\ud83d\udd17 References:\n1. https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119", "creation_timestamp": "2025-01-24T21:05:06.000000Z"}, {"uuid": "2b81a708-728c-435b-8f7c-5444063b52ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29844", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10944", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2022-29844: A CLASSIC BUFFER OVERFLOW ON THE WESTERN DIGITAL MY CLOUD PRO SERIES PR4100.\n\nhttps://www.zerodayinitiative.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100", "creation_timestamp": "2023-04-22T02:32:15.000000Z"}, {"uuid": "cb4ebe17-cdeb-4d4a-a8be-428d106004f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29840", "type": "seen", "source": "https://t.me/true_secator/4517", "content": "Western Digital \u0440\u0435\u0448\u0438\u043b\u0430 \u043a\u0430\u0440\u0434\u0438\u043d\u0430\u043b\u044c\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043f\u0440\u0438\u043e\u0431\u0449\u0430\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043a \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0441\u0435\u0440\u0438\u0438 My Cloud \u043e \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u043c \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c, \u043d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 15 \u0438\u044e\u043d\u044f 2023 \u0433\u043e\u0434\u0430, \u0435\u0441\u043b\u0438 \u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 NAS \u043d\u0435 \u0431\u0443\u0434\u0443\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u044b \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 5.26.202.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0432\u043e\u0438\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0447\u0435\u0440\u0435\u0437 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0430 \u0434\u0430\u043b\u0435\u0435 \u0438 \u0434\u043e ransomware \u0440\u0443\u043a\u043e\u0439 \u043f\u043e\u0434\u0430\u0442\u044c.\n\n\u041a\u0430\u043a \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442 Western Digital, \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043e\u043a \u0431\u044b\u043b\u0438\u00a0\u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b 15 \u043c\u0430\u044f 2023 \u0433\u043e\u0434\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f CVE-2022-36327\u00a0 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 9.8 \u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0431\u0445\u043e\u0434\u043e\u043c \u043f\u0443\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a RCE \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 My Cloud.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2022-36326\u00a0- \u044d\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u043c\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0430\u043c\u0438 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0412\u0441\u0435 \u044d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a DoS.\n\nCVE-2022-36328\u00a0\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043e\u0431\u0449\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430\u0445 \u0438 \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b, \u043f\u0430\u0440\u043e\u043b\u0438, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432.\n\n\u0418, \u043d\u0430\u043a\u043e\u043d\u0435\u0446, \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f SSRF-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2022-29840) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430 \u043f\u043e\u0434\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c\u043d\u043e\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u043c\u0435\u043d\u044f\u0442\u044c \u0441\u0432\u043e\u0439 URL-\u0430\u0434\u0440\u0435\u0441.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u043f\u0435\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u043f\u044b\u0442 \u0440\u044f\u0434\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u0439 NAS \u0441 ransomware-\u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438, \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0432\u043f\u043e\u043b\u043d\u0435 \u0441\u0435\u0431\u0435 \u043e\u0442\u0432\u0435\u0447\u0430\u0435\u0442 \u0443\u0433\u0440\u043e\u0437\u0430\u043c \u0438, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0434\u0438\u0441\u0446\u0438\u043f\u043b\u0438\u043d\u0438\u0440\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.", "creation_timestamp": "2023-06-19T15:35:04.000000Z"}, {"uuid": "1f2e916a-c479-4771-b8e5-5c593a425ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29842", "type": "seen", "source": "https://t.me/cibsecurity/63832", "content": "\u203c CVE-2022-29842 \u203c\n\nImproper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: through 5.26.119.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T00:14:40.000000Z"}, {"uuid": "65e13b94-6b48-434f-8c77-587bc63d6e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29840", "type": "seen", "source": "https://t.me/cibsecurity/63854", "content": "\u203c CVE-2022-29840 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T02:14:48.000000Z"}, {"uuid": "b14e20a3-6e7d-4820-8b8b-15dd88706172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29841", "type": "seen", "source": "https://t.me/cibsecurity/63853", "content": "\u203c CVE-2022-29841 \u203c\n\nImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability\u00c2\u00a0that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell\u00c2\u00a0in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T02:14:47.000000Z"}, {"uuid": "34697d8e-8d9c-44ee-935b-26c5c53e4e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29845", "type": "seen", "source": "https://t.me/cibsecurity/42439", "content": "\u203c CVE-2022-29845 \u203c\n\nIn Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T22:40:46.000000Z"}, {"uuid": "184c4db8-e6c6-42fd-981e-e5ba734b8383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29848", "type": "seen", "source": "https://t.me/cibsecurity/42429", "content": "\u203c CVE-2022-29848 \u203c\n\nIn Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T22:40:35.000000Z"}, {"uuid": "3ef71094-2e30-4657-b537-e5fb1c09d29c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29846", "type": "seen", "source": "https://t.me/cibsecurity/42441", "content": "\u203c CVE-2022-29846 \u203c\n\nIn Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T22:40:48.000000Z"}, {"uuid": "9d9ed789-4682-42c4-a930-9a911e9fb2c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29849", "type": "seen", "source": "https://t.me/cibsecurity/41703", "content": "\u203c CVE-2022-29849 \u203c\n\nIn Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-02T07:27:24.000000Z"}, {"uuid": "df822a81-cea0-415e-8b95-e319dd70ad5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29844", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/8177", "content": "#exploit\n1. CVE-2023-1671:\nPre-Auth RCE in Sophos Web Appliance\nhttps://vulncheck.com/blog/cve-2023-1671-analysis\n]-&gt; https://github.com/W01fh4cker/CVE-2023-1671-POC\n\n2. CVE-2022-29844:\nBuffer Overflow On WD My Cloud Pro Series PR4100\nhttps://www.zerodayinitiative.com/blog/2023/4/19/cve-2022-29844-a-classic-buffer-overflow-on-the-western-digital-my-cloud-pro-series-pr4100\n\n3. CVE-2023-21554:\nUnauthenticated RCE vulnerability in the MSMQ service\nhttps://www.randori.com/blog/vulnerability-analysis-queuejumper-cve-2023-21554", "creation_timestamp": "2024-07-17T00:33:01.000000Z"}]}