A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Credits
rskvp93 and biennd4 (from VcsLab of Viettel Cyber Security) working with Trend Micro Zero Day Initiative
