TROYANOSYVIRUS
Retour aux CVEs

CVE-2022-36331

CRITICAL
10.0

Description

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Details CVE

Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie6/12/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

westerndigital:my_cloudwesterndigital:my_cloud_dl2100westerndigital:my_cloud_dl2100_firmwarewesterndigital:my_cloud_dl4100westerndigital:my_cloud_dl4100_firmwarewesterndigital:my_cloud_ex2100westerndigital:my_cloud_ex2100_firmwarewesterndigital:my_cloud_ex2_ultrawesterndigital:my_cloud_ex2_ultra_firmwarewesterndigital:my_cloud_ex4100westerndigital:my_cloud_ex4100_firmwarewesterndigital:my_cloud_firmwarewesterndigital:my_cloud_homewesterndigital:my_cloud_home_duowesterndigital:my_cloud_home_duo_firmwarewesterndigital:my_cloud_home_firmwarewesterndigital:my_cloud_mirror_g2westerndigital:my_cloud_mirror_g2_firmwarewesterndigital:my_cloud_pr2100westerndigital:my_cloud_pr2100_firmwarewesterndigital:my_cloud_pr4100westerndigital:my_cloud_pr4100_firmwarewesterndigital:sandisk_ibiwesterndigital:sandisk_ibi_firmware

Faiblesses (CWE)

CWE-290CWE-290

References

https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update(psirt@wdc.com)
https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update(nvd@nist.gov)
https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.