PT-2023-13477 · Sandisk+1 · Sandisk Ibi+1
Published
2023-05-09
·
Updated
2023-05-22
·
CVE-2022-36330
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud Home versions prior to 9.4.0-191
Western Digital My Cloud Home Duo versions prior to 9.4.0-191
SanDisk ibi versions prior to 9.4.0-191
Description
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability.
Recommendations
For Western Digital My Cloud Home versions prior to 9.4.0-191, update to version 9.4.0-191 or later.
For Western Digital My Cloud Home Duo versions prior to 9.4.0-191, update to version 9.4.0-191 or later.
For SanDisk ibi versions prior to 9.4.0-191, update to version 9.4.0-191 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sandisk Ibi
Western Digital My Cloud Home