What is the severity of CVE-2024-22168?

CVE-2024-22168 is categorized as a high severity Cross-Site Scripting (XSS) vulnerability.

How do I fix CVE-2024-22168?

To mitigate CVE-2024-22168, users should update their Western Digital My Cloud, My Cloud Home, SanDisk ibi, or WD Cloud web apps to the latest version.

What are the potential impacts of CVE-2024-22168?

CVE-2024-22168 could allow an attacker to redirect users to a malicious domain or execute arbitrary client-side code in the user's browser.

Which products are affected by CVE-2024-22168?

CVE-2024-22168 affects the Western Digital My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps.

Is user interaction required for exploiting CVE-2024-22168?

Yes, user interaction is required as the vulnerability involves XSS, which typically relies on the user visiting a crafted page.

Vulnerability/
CVE-2024-22168

medium

5.9

CWE

24/6/2024

1/8/2024

CVE-2024-22168: Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps

First published: Mon Jun 24 2024(Updated: )

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry out malicious activities.The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data.

Credit: psirt@wdc.com

Affected Software	Affected Version	How to fix
Western Digital My Cloud firmware
SanDisk ibi firmware

Remedy

The web apps for these devices have been automatically updated to resolve this vulnerability and improve the security of your devices and data.

Never miss a vulnerability like this again

Reference Links

https://www.westerndigital.com/support/product-security/wdc-24003-western-digital-my-cloud-os-5-my-cloud-home-sandisk-ibi-and-wd-cloud-web-app-update

Frequently Asked Questions

What is the severity of CVE-2024-22168?
CVE-2024-22168 is categorized as a high severity Cross-Site Scripting (XSS) vulnerability.
How do I fix CVE-2024-22168?
To mitigate CVE-2024-22168, users should update their Western Digital My Cloud, My Cloud Home, SanDisk ibi, or WD Cloud web apps to the latest version.
What are the potential impacts of CVE-2024-22168?
CVE-2024-22168 could allow an attacker to redirect users to a malicious domain or execute arbitrary client-side code in the user's browser.
Which products are affected by CVE-2024-22168?
CVE-2024-22168 affects the Western Digital My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps.
Is user interaction required for exploiting CVE-2024-22168?
Yes, user interaction is required as the vulnerability involves XSS, which typically relies on the user visiting a crafted page.

agent/remedy
agent/weakness
agent/title
agent/references
agent/first-publish-date
agent/description
agent/type
agent/author
collector/nvd-api
source/NVD
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
vendor/western digital
canonical/western digital my cloud firmware
vendor/sandisk
canonical/sandisk ibi firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.