PT-2022-19866 · Western Digital+1 · Western Digital My Cloud Home+1

Published: 2022-11-09 · Updated: 2022-11-15 · CVE-2022-29836

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Western Digital My Cloud Home versions prior to 8.11.0-113

Western Digital My Cloud Home Duo versions prior to 8.11.0-113

SanDisk ibi versions prior to 8.11.0-113

Description

A Path Traversal vulnerability was discovered via an HTTP API on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This issue could allow an attacker to abuse certain parameters to point to random locations on the file system, potentially initiating the installation of custom packages at these locations. The attacker must be authenticated to the device to exploit this issue.

Recommendations

For Western Digital My Cloud Home versions prior to 8.11.0-113, update to version 8.11.0-113 or later to resolve the issue.

For Western Digital My Cloud Home Duo versions prior to 8.11.0-113, update to version 8.11.0-113 or later to resolve the issue.

For SanDisk ibi versions prior to 8.11.0-113, update to version 8.11.0-113 or later to resolve the issue.

As a temporary workaround, consider restricting access to the HTTP API until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2022-29836

Affected Products: Sandisk Ibi, Western Digital My Cloud Home