CVE-2022-29837

MEDIUM

4.7

Descripcion

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Detalles CVE

Puntuacion CVSS v3.14.7

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Vector de ataqueLOCAL

ComplejidadHIGH

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado12/1/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

westerndigital:my_cloud_homewesterndigital:my_cloud_home_duowesterndigital:my_cloud_home_duo_firmwarewesterndigital:my_cloud_home_firmwarewesterndigital:sandisk_ibiwesterndigital:sandisk_ibi_firmware

Debilidades (CWE)

CWE-22CWE-22

Referencias

https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178(psirt@wdc.com)

https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.