CVE-2022-23006: Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi
First published: Tue Sep 27 2022(Updated: )
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
Credit: psirt@wdc.com psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital My Cloud Home Firmware | <8.10.0-117 | |
| Westerndigital My Cloud Home | ||
| Westerndigital My Cloud Home Duo Firmware | <8.10.0-117 | |
| Westerndigital My Cloud Home Duo | ||
| Westerndigital Sandisk Ibi Firmware | <8.10.0-117 | |
| Westerndigital Sandisk Ibi | ||
| All of | ||
| Westerndigital My Cloud Home Firmware | <8.10.0-117 | |
| Westerndigital My Cloud Home | ||
| All of | ||
| Westerndigital My Cloud Home Duo Firmware | <8.10.0-117 | |
| Westerndigital My Cloud Home Duo | ||
| All of | ||
| Westerndigital Sandisk Ibi Firmware | <8.10.0-117 | |
| Westerndigital Sandisk Ibi |
Remedy
Your device will be automatically updated to the latest firmware version.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-23006?
CVE-2022-23006 is a stack-based buffer overflow vulnerability found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.
How severe is CVE-2022-23006?
CVE-2022-23006 has a severity value of 6.7, which is considered medium.
How does CVE-2022-23006 affect Western Digital My Cloud Home?
CVE-2022-23006 allows an attacker with local access to read information from the /etc/version file on Western Digital My Cloud Home devices.
How can CVE-2022-23006 be exploited?
CVE-2022-23006 can only be exploited by chaining it with another issue.
How can I fix CVE-2022-23006?
To fix CVE-2022-23006, you should update the firmware of your Western Digital My Cloud Home, My Cloud Home Duo, or SanDisk ibi device to version 8.10.0-117 or later.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- vendor/westerndigital
- canonical/westerndigital my cloud home firmware
- canonical/westerndigital my cloud home
- canonical/westerndigital my cloud home duo firmware
- canonical/westerndigital my cloud home duo
- canonical/westerndigital sandisk ibi firmware
- canonical/westerndigital sandisk ibi