CVE-2022-29837

Summary

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Affected Software

VendorProductVersion RangeStatus
Western DigitalMy Cloud HomeMy Cloud Home < 8.12.0-178affected
Western DigitalMy Cloud HomeMy Cloud Home Duo < 8.12.0-178affected
SanDiskibiibi < 8.12.0-178affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References