First published: Tue May 09 2023(Updated: )
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Home Duo Firmware | <9.4.0-191 | |
Westerndigital My Cloud Home Duo | ||
Westerndigital Sandisk Ibi Firmware | <9.4.0-191 | |
Westerndigital Sandisk Ibi | ||
Westerndigital My Cloud Home Firmware | <9.4.0-191 | |
Westerndigital My Cloud Home |
For My Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID for this vulnerability is CVE-2022-36330.
The severity of CVE-2022-36330 is high (8.1).
CVE-2022-36330 affects Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.
An attacker can exploit CVE-2022-36330 by exploiting another vulnerability to raise their privileges and then perform an unauthenticated remote code execution.
Yes, Western Digital has released a firmware version 9.4.0-191 to address the vulnerability. It is recommended to update to this version.