PT-2022-19867 · Western Digital · Western Digital My Cloud Home+1
Published
2022-12-01
·
Updated
2022-12-06
·
CVE-2022-29837
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud Home (affected versions not specified)
Western Digital My Cloud Home Duo (affected versions not specified)
SanDisk ibi (affected versions not specified)
Description
A path traversal issue was addressed in the mentioned devices, which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files, potentially leading to code execution.
Recommendations
For Western Digital My Cloud Home, update to a version that includes the fix for this issue.
For Western Digital My Cloud Home Duo, update to a version that includes the fix for this issue.
For SanDisk ibi, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the ZIP package installation feature until a patch is available.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sandisk Ibi
Western Digital My Cloud Home