CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. 
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 1.9
References () https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 - Vendor Advisory () https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191 - Vendor Advisory

Information

Published : 2023-05-10 00:15

Updated : 2024-11-21 07:12


NVD link : CVE-2022-36330

Mitre link : CVE-2022-36330

CVE.ORG link : CVE-2022-36330


JSON object : View

Products Affected

westerndigital

  • my_cloud_home_duo_firmware
  • my_cloud_home_firmware
  • my_cloud_home
  • sandisk_ibi
  • sandisk_ibi_firmware
  • my_cloud_home_duo
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')