Vulnerability Description
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Home Firmware | < 8.12.0-178 |
| Westerndigital | My Cloud Home | - |
| Westerndigital | My Cloud Home Duo Firmware | < 8.12.0-178 |
| Westerndigital | My Cloud Home Duo | - |
| Westerndigital | Sandisk Ibi Firmware | < 8.12.0-178 |
| Westerndigital | Sandisk Ibi | - |
Related Weaknesses (CWE)
References
- https://www.westerndigital.com/support/product-security/wdc-22018-western-digitaVendor Advisory
- https://www.westerndigital.com/support/product-security/wdc-22018-western-digitaVendor Advisory
FAQ
What is CVE-2022-29837?
CVE-2022-29837 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overw...
How severe is CVE-2022-29837?
CVE-2022-29837 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29837?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Home Firmware, Westerndigital My Cloud Home, Westerndigital My Cloud Home Duo Firmware, Westerndigital My Cloud Home Duo, Westerndigital Sandisk Ibi Firmware.