CVE-2022-36331 — CRITICAL (10.0)

Q: How severe is CVE-2022-36331?

CVE-2022-36331 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-36331?

Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Pr2100 Firmware, Westerndigital My Cloud Pr2100, Westerndigital My Cloud Pr4100 Firmware, Westerndigital My Cloud Pr4100, Westerndigital My Cloud Ex4100 Firmware.

Vulnerability Description

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Westerndigital	My Cloud Pr2100 Firmware	< 5.25.132
Westerndigital	My Cloud Pr2100	-
Westerndigital	My Cloud Pr4100 Firmware	< 5.25.132
Westerndigital	My Cloud Pr4100	-
Westerndigital	My Cloud Ex4100 Firmware	< 5.25.132
Westerndigital	My Cloud Ex4100	-
Westerndigital	My Cloud Ex2 Ultra Firmware	< 5.25.132
Westerndigital	My Cloud Ex2 Ultra	-
Westerndigital	My Cloud Mirror G2 Firmware	< 5.25.132
Westerndigital	My Cloud Mirror G2	-
Westerndigital	My Cloud Dl2100 Firmware	< 5.25.132
Westerndigital	My Cloud Dl2100	-
Westerndigital	My Cloud Dl4100 Firmware	< 5.25.132
Westerndigital	My Cloud Dl4100	-
Westerndigital	My Cloud Ex2100 Firmware	< 5.25.132
Westerndigital	My Cloud Ex2100	-
Westerndigital	My Cloud Home Firmware	< 8.13.1-102
Westerndigital	My Cloud Home	-
Westerndigital	My Cloud Home Duo Firmware	< 8.13.1-102
Westerndigital	My Cloud Home Duo	-

Related Weaknesses (CWE)

CWE-290

References

FAQ

What is CVE-2022-36331?

CVE-2022-36331 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data....

How severe is CVE-2022-36331?

CVE-2022-36331 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-36331?

Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Pr2100 Firmware, Westerndigital My Cloud Pr2100, Westerndigital My Cloud Pr4100 Firmware, Westerndigital My Cloud Pr4100, Westerndigital My Cloud Ex4100 Firmware.