A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.
This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 07:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 1.9 |
References | () https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 - Vendor Advisory |
Information
Published : 2023-05-10 00:15
Updated : 2024-11-21 07:12
NVD link : CVE-2022-36330
Mitre link : CVE-2022-36330
CVE.ORG link : CVE-2022-36330
JSON object : View
Products Affected
westerndigital
- my_cloud_home_duo_firmware
- my_cloud_home_firmware
- my_cloud_home
- sandisk_ibi
- sandisk_ibi_firmware
- my_cloud_home_duo
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')