Description

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Related CPE's

o

westerndigital

my_cloud_pr2100_firmware

Vulnerable

h

westerndigital

my_cloud_pr2100

-

o

westerndigital

my_cloud_pr4100_firmware

Vulnerable

h

westerndigital

my_cloud_pr4100

-

o

westerndigital

my_cloud_ex4100_firmware

Vulnerable

h

westerndigital

my_cloud_ex4100

-

o

westerndigital

my_cloud_ex2_ultra_firmware

Vulnerable

h

westerndigital

my_cloud_ex2_ultra

-

o

westerndigital

my_cloud_mirror_gen_2_firmware

Vulnerable

h

westerndigital

my_cloud_mirror_gen_2

-

o

westerndigital

my_cloud_dl2100_firmware

Vulnerable

h

westerndigital

my_cloud_dl2100

-

o

westerndigital

my_cloud_dl4100_firmware

Vulnerable

h

westerndigital

my_cloud_dl4100

-

o

westerndigital

my_cloud_ex2100_firmware

Vulnerable

h

westerndigital

my_cloud_ex2100

-

o

westerndigital

my_cloud_firmware

Vulnerable

h

westerndigital

my_cloud

-

o

westerndigital

wd_cloud_firmware

Vulnerable

h

westerndigital

wd_cloud

-

o

westerndigital

my_cloud_home_firmware

Vulnerable

h

westerndigital

my_cloud_home

-

a

netatalk

netatalk

Vulnerable

o

fedoraproject

fedora

3

References

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

Mailing List

https://security.gentoo.org/glsa/202311-02

Issue TrackingThird Party Advisory

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

Mailing List

https://security.gentoo.org/glsa/202311-02

Issue TrackingThird Party Advisory

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-59

[email protected]

Primary
CWE-59

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

10 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-25T22:15:08.410Z

3 years ago

Last modified

2025-11-03T21:15:55.473Z

4 months ago