First published: Mon Jun 12 2023(Updated: )
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Pr2100 Firmware | <5.25.132 | |
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 Firmware | <5.25.132 | |
Westerndigital My Cloud Pr4100 | ||
Westerndigital My Cloud Ex4100 Firmware | <5.25.132 | |
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Ex2 Ultra Firmware | <5.25.132 | |
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Mirror G2 Firmware | <5.25.132 | |
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Dl2100 Firmware | <5.25.132 | |
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 Firmware | <5.25.132 | |
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2100 Firmware | <5.25.132 | |
Westerndigital My Cloud Ex2100 | ||
Westerndigital My Cloud Home Firmware | <8.13.1-102 | |
Westerndigital My Cloud Home | ||
Westerndigital My Cloud Home Duo Firmware | <8.13.1-102 | |
Westerndigital My Cloud Home Duo | ||
Westerndigital Sandisk Ibi Firmware | <8.13.1-102 | |
Westerndigital Sandisk Ibi | ||
Westerndigital My Cloud Firmware | <5.25.132 | |
Westerndigital My Cloud |
All My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices have been or will be automatically updated to the latest firmware version. Cloud access will not be available until your My Cloud Home/My Cloud Home Duo/SanDisk ibi device has been updated to firmware version 8.13.1-102 or above. Please refer to this KBA https://support-en.wd.com/app/answers/detailweb/a_id/50563 . Users of other My Cloud devices should promptly update to the latest firmware by clicking the firmware update notification to receive the latest security fixes. Cloud access will not be available until your My Cloud device has been updated to firmware version 5.25.132 or above. Please refer to this KBA https://support-en.wd.com/app/answers/detailweb/a_id/50564 .
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-36331 is a vulnerability that affects Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.
CVE-2022-36331 has a severity rating of 7.5 (out of 10), indicating it is critical.
CVE-2022-36331 affects Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices.
CVE-2022-36331 can be exploited by an unauthenticated attacker to gain access to user data.
To fix CVE-2022-36331, update your affected devices to My Cloud OS 5 devices version 5.25.132 or later.