CVE-2022-36326

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud Home versions before 9.4.0-191 Western Digital My Cloud Home Duo versions before 9.4.0-191 SanDisk ibi versions before 9.4.0-191 Western Digital My Cloud OS 5 versions before 5.26.202

Description An uncontrolled resource consumption issue could arise by sending crafted requests to a service, consuming a large amount of memory and eventually resulting in the service being stopped and restarted. This issue requires the attacker to already have root privileges in order to exploit it.

Recommendations For Western Digital My Cloud Home versions before 9.4.0-191, update to version 9.4.0-191 or later. For Western Digital My Cloud Home Duo versions before 9.4.0-191, update to version 9.4.0-191 or later. For SanDisk ibi versions before 9.4.0-191, update to version 9.4.0-191 or later. For Western Digital My Cloud OS 5 versions before 5.26.202, update to version 5.26.202 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-36326

ZDI-23-851

Affected Products

Sandisk Ibi

Western Digital My Cloud Home

Western Digital My Cloud Os 5

CVE-2022-36326

Weakness Enumeration

Related Identifiers

Affected Products

References · 10