CVE-2022-29837
Summary
| CVE | CVE-2022-29837 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-01 17:15:00 UTC |
| Updated | 2022-12-06 16:44:00 UTC |
| Description | A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Westerndigital | My Cloud Home | - | All | All | All |
| Hardware | Westerndigital | My Cloud Home Duo | - | All | All | All |
| Operating System | Westerndigital | My Cloud Home Duo Firmware | All | All | All | All |
| Operating System | Westerndigital | My Cloud Home Firmware | All | All | All | All |
| Hardware | Westerndigital | Sandisk Ibi | - | All | All | All |
| Operating System | Westerndigital | Sandisk Ibi Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WDC-22018 Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 8.12.0-178 | Western Digital | MISC | www.westerndigital.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.