First published: Tue Sep 27 2022(Updated: )
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
Credit: psirt@wdc.com psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Home Firmware | <8.10.0-117 | |
Westerndigital My Cloud Home | ||
Westerndigital My Cloud Home Duo Firmware | <8.10.0-117 | |
Westerndigital My Cloud Home Duo | ||
Westerndigital Sandisk Ibi Firmware | <8.10.0-117 | |
Westerndigital Sandisk Ibi | ||
All of | ||
Westerndigital My Cloud Home Firmware | <8.10.0-117 | |
Westerndigital My Cloud Home | ||
All of | ||
Westerndigital My Cloud Home Duo Firmware | <8.10.0-117 | |
Westerndigital My Cloud Home Duo | ||
All of | ||
Westerndigital Sandisk Ibi Firmware | <8.10.0-117 | |
Westerndigital Sandisk Ibi |
Your device will be automatically updated to the latest firmware version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-23006 is a stack-based buffer overflow vulnerability found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.
CVE-2022-23006 has a severity value of 6.7, which is considered medium.
CVE-2022-23006 allows an attacker with local access to read information from the /etc/version file on Western Digital My Cloud Home devices.
CVE-2022-23006 can only be exploited by chaining it with another issue.
To fix CVE-2022-23006, you should update the firmware of your Western Digital My Cloud Home, My Cloud Home Duo, or SanDisk ibi device to version 8.10.0-117 or later.