{"api_version":"1","generated_at":"2026-04-25T01:28:49+00:00","cve":"CVE-2022-23006","urls":{"html":"https://cve.report/CVE-2022-23006","api":"https://cve.report/api/cve/CVE-2022-23006.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-23006","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006"},"summary":{"title":"CVE-2022-23006","description":"A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.","state":"PUBLIC","assigner":"psirt@wdc.com","published_at":"2022-09-27 23:15:00","updated_at":"2022-10-03 18:40:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006","name":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006","refsource":"MISC","tags":[],"title":"NVD - CVE-2022-23006","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117","name":"https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117","refsource":"MISC","tags":["Vendor Advisory"],"title":"WDC-22015 Western Digital My Cloud Home and SanDisk ibi Firmware Version 8.10.0-117 | Western Digital","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-23006","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"23006","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"westerndigital","cpe5":"my_cloud_home","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23006","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"westerndigital","cpe5":"my_cloud_home_duo","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23006","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"westerndigital","cpe5":"my_cloud_home_duo_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23006","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"westerndigital","cpe5":"my_cloud_home_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23006","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"westerndigital","cpe5":"sandisk_ibi","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"23006","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"westerndigital","cpe5":"sandisk_ibi_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@wdc.com","ID":"CVE-2022-23006","STATE":"PUBLIC","TITLE":"Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"My Cloud Home","version":{"version_data":[{"platform":"Linux","version_affected":"<","version_name":"8.10.0-117","version_value":"8.10.0-117"}]}},{"product_name":"My Cloud Home Duo","version":{"version_data":[{"platform":"Linux","version_affected":"<","version_name":"8.10.0-117","version_value":"8.10.0-117"}]}}]},"vendor_name":"Western Digital"},{"product":{"product_data":[{"product_name":"ibi","version":{"version_data":[{"platform":"Linux","version_affected":"<","version_name":"8.10.0-117","version_value":"8.10.0-117"}]}}]},"vendor_name":"SanDisk"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":1.8,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-121 Stack-based Buffer Overflow"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006","name":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006"}]},"solution":[{"lang":"eng","value":"Your device will be automatically updated to the latest firmware version."}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-09-27 23:15:00","lastModifiedDate":"2022-10-03 18:40:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"23006","Ordinal":"225597","Title":"CVE-2022-23006","CVE":"CVE-2022-23006","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"23006","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}