Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29837

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Published

2022-12-01T17:15:11.290

Last Modified

2024-11-21T06:59:47.207

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	westerndigital	my_cloud_home_firmware	< 8.12.0-178	Yes
Hardware	westerndigital	my_cloud_home	-	No
Operating System	westerndigital	my_cloud_home_duo_firmware	< 8.12.0-178	Yes
Hardware	westerndigital	my_cloud_home_duo	-	No
Operating System	westerndigital	sandisk_ibi_firmware	< 8.12.0-178	Yes
Hardware	westerndigital	sandisk_ibi	-	No

References

https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178 Vendor Advisory ([email protected])
https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)