CVE-2022-29837
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Western Digital | My Cloud Home | My Cloud Home < 8.12.0-178 | affected |
| Western Digital | My Cloud Home | My Cloud Home Duo < 8.12.0-178 | affected |
| SanDisk | ibi | ibi < 8.12.0-178 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.