CVE-2022-22989— Pre-authenticated stack overflow vulnerability on FTP Service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-22989
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pre-authenticated stack overflow vulnerability on FTP Service
Source: NVD (National Vulnerability Database)
Vulnerability Description
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
栈缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
Western Digital My Cloud 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Western Digital My Cloud是美国西部数据(Western Digital)公司的一款个人云存储设备。 Western Digital My Cloud OS 5存在缓冲区错误漏洞,攻击者可利用该漏洞执行堆栈溢出攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Western Digital | My Cloud | My Cloud OS 5 ~ 5.19.117 | - |
II. Public POCs for CVE-2022-22989
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-22989
请登录查看更多情报信息。
Same Patch Batch · Western Digital · 2022-01-13 · 4 CVEs total
| CVE-2022-22990 | 7.8 HIGH | Limited authentication bypass vulnerability on Western Digital My Cloud devices |
| CVE-2022-22991 | 7.8 HIGH | Command injection through unsecured HTTP calls on Western Digital My Cloud devices |
| CVE-2022-22988 | 7.7 HIGH | Insecure file and directory permissions on EdgeRover |
IV. Related Vulnerabilities
Same product: My Cloud
- CVE-2025-30247
Western Digital My Cloud 安全漏洞 - CVE-2024-22170
Unchecked buffer in Dynamic DNS client - CVE-2022-29843
Western Digital My Cloud OS 5 devices Command Injection Vuln - CVE-2022-29844
Western Digital My Cloud OS 5 arbitrary file read and write - CVE-2022-29838
Authentication issue with the encrypted volumes and auto mou
Same vendor: Western Digital
Same weakness: CWE-121
- CVE-2026-8258
Squirrel sqstdstring.cpp validate_format stack-based overflo - CVE-2026-8234
EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-41509
Integer underflow in crypto_sign_open() leads to buffer over - CVE-2026-8138
Tenda CX12L SetPptpServerCfg” formSetPPTPServer stack-based
V. Comments for CVE-2022-22989
No comments yet