CVE-2022-36331

Summary

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Affected Software

VendorProductVersion RangeStatus
Western DigitalMy Cloud OS 50 < 5.25.132affected
Western DigitalMy Cloud Home and My Cloud Home Duo0 < 8.13.1-102affected
SanDiskibi0 < 8.13.1-102affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References