CVE-2022-29844: A Classic Buffer Overflow on the Western Digital My Cloud Pro Series PR4100

This post covers an exploit chain demonstrated by Luca Moro (@johncool__) during Pwn2Own Toronto 2022. At the contest, he used a classic buffer overflow to gain code execution on the My Cloud Pro Series PR4100 Network Attached Storage (NAS) device. He also displayed a nifty message on the device. Luca’s successful entry earned him $40,000 and 4 points towards Master of Pwn. All Pwn2Own entries are accompanied by a full whitepaper describing the vulnerabilities being used and how …

blog blog post buffer buffer overflow cloud code code execution contest cve device digital entry exploit exploited master message my cloud nas network overflow pro pwn2own pwn2own toronto 2022 series storage toronto vulnerabilities western western digital western digital my cloud whitepaper