Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

Published

2023-05-10T00:15:09.467

Last Modified

2024-11-21T07:12:48.563

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 1.9 (LOW)

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	westerndigital	my_cloud_home_duo_firmware	< 9.4.0-191	Yes
Hardware	westerndigital	my_cloud_home_duo	-	No
Operating System	westerndigital	my_cloud_home_duo_firmware	< 9.4.0-191	Yes
Hardware	westerndigital	my_cloud_home_duo	-	No
Operating System	westerndigital	sandisk_ibi_firmware	< 9.4.0-191	Yes
Hardware	westerndigital	sandisk_ibi	-	No
Operating System	westerndigital	my_cloud_home_firmware	< 9.4.0-191	Yes
Hardware	westerndigital	my_cloud_home	-	No

References

https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 Vendor Advisory ([email protected])
https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)