Vulnerability Description
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Home Duo Firmware | < 9.4.0-191 |
| Westerndigital | My Cloud Home Duo | - |
| Westerndigital | Sandisk Ibi Firmware | < 9.4.0-191 |
| Westerndigital | Sandisk Ibi | - |
| Westerndigital | My Cloud Home Firmware | < 9.4.0-191 |
| Westerndigital | My Cloud Home | - |
Related Weaknesses (CWE)
References
- https://www.westerndigital.com/support/product-security/wdc-23003-western-digitaVendor Advisory
- https://www.westerndigital.com/support/product-security/wdc-23003-western-digitaVendor Advisory
FAQ
What is CVE-2022-36330?
CVE-2022-36330 is a vulnerability with a CVSS score of 1.9 (LOW). A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDis...
How severe is CVE-2022-36330?
CVE-2022-36330 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36330?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Home Duo Firmware, Westerndigital My Cloud Home Duo, Westerndigital Sandisk Ibi Firmware, Westerndigital Sandisk Ibi, Westerndigital My Cloud Home Firmware.