PT-2023-13475 · Sandisk+1 · Sandisk Ibi+2

Noam Moshe +3 · Published 2023-05-18 · Updated 2023-06-19 · CVE-2022-36328

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Western Digital My Cloud Home versions prior to 9.4.0-191
Western Digital My Cloud Home Duo versions prior to 9.4.0-191
SanDisk ibi versions prior to 9.4.0-191
Western Digital My Cloud OS 5 versions prior to 5.26.202

Description

A Path Traversal vulnerability was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi, and Western Digital My Cloud OS 5 devices. This issue could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users, and device configurations. The exploitation of this issue requires an attacker to gain root privileges on the devices using an authentication bypass issue or another vulnerability.

Recommendations

For Western Digital My Cloud Home and My Cloud Home Duo versions prior to 9.4.0-191, update to version 9.4.0-191 or later.
For SanDisk ibi versions prior to 9.4.0-191, update to version 9.4.0-191 or later.
For Western Digital My Cloud OS 5 versions prior to 5.26.202, update to version 5.26.202 or later.
As a temporary workaround, consider restricting access to sensitive files and directories until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-36328
ZDI-23-848

Affected Products

SanDisk ibi
Western Digital My Cloud Home
Western Digital My Cloud OS 5