An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.
References
| Link | Resource |
|---|---|
| https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 | Release Notes Vendor Advisory |
| https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
26 May 2023, 23:30
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_os_5:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
| References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 - Release Notes, Vendor Advisory | |
| References | (MISC) https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202 - Release Notes, Vendor Advisory | |
| CWE | CWE-400 | |
| First Time |
Westerndigital my Cloud
Westerndigital my Cloud Os 5 Westerndigital sandisk Ibi Westerndigital sandisk Ibi Firmware Westerndigital my Cloud Home Duo Westerndigital my Cloud Home Westerndigital my Cloud Home Duo Firmware Westerndigital my Cloud Home Firmware Westerndigital my Cloud Dl4100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Ex4100 Westerndigital my Cloud Dl2100 Westerndigital my Cloud Pr4100 Westerndigital Westerndigital wd Cloud Westerndigital my Cloud Ex2100 Westerndigital my Cloud Pr2100 Westerndigital my Cloud Mirror G2 |
Information
Published : 2023-05-18 18:15
Updated : 2024-02-28 20:13
NVD link : CVE-2022-36326
Mitre link : CVE-2022-36326
CVE.ORG link : CVE-2022-36326
JSON object : View
Products Affected
westerndigital
- my_cloud_pr4100
- my_cloud_home_firmware
- my_cloud_ex4100
- my_cloud_dl2100
- sandisk_ibi_firmware
- my_cloud_pr2100
- my_cloud_ex2100
- my_cloud
- my_cloud_ex2_ultra
- my_cloud_mirror_g2
- my_cloud_home_duo
- my_cloud_dl4100
- my_cloud_os_5
- my_cloud_home
- my_cloud_home_duo_firmware
- sandisk_ibi
- wd_cloud
CWE
CWE-400
Uncontrolled Resource Consumption