First published: Thu Dec 01 2022(Updated: )
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Home Firmware | <8.12.0-178 | |
Westerndigital My Cloud Home | ||
Westerndigital My Cloud Home Duo Firmware | <8.12.0-178 | |
Westerndigital My Cloud Home Duo | ||
Westerndigital Sandisk Ibi Firmware | <8.12.0-178 | |
Westerndigital Sandisk Ibi |
The user's My Cloud Home, My Cloud Home Duo and ibi devices will be automatically updated to reflect the latest firmware version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-29837.
The severity of CVE-2022-29837 is high (CVSS score 7.8).
Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi are affected by CVE-2022-29837.
An attacker can initiate installation of custom ZIP packages and overwrite system files, potentially leading to code execution.
To fix CVE-2022-29837, it is recommended to update the firmware to version 8.12.0-178 or later for the affected Western Digital products.