CVE-2022-36330
Summary
| CVE | CVE-2022-36330 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-10 00:15:00 UTC |
| Updated | 2023-05-22 13:58:00 UTC |
| Description | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Westerndigital | My Cloud Home | - | All | All | All |
| Hardware | Westerndigital | My Cloud Home Duo | - | All | All | All |
| Operating System | Westerndigital | My Cloud Home Duo Firmware | All | All | All | All |
| Operating System | Westerndigital | My Cloud Home Firmware | All | All | All | All |
| Hardware | Westerndigital | Sandisk Ibi | - | All | All | All |
| Operating System | Westerndigital | Sandisk Ibi Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| WDC-23003 Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 9.4.0-191 | Western Digital | MISC | www.westerndigital.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.