A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
06 Dec 2022, 16:44
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CPE | cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:* |
|
| First Time |
Westerndigital sandisk Ibi Firmware
Westerndigital Westerndigital my Cloud Home Westerndigital my Cloud Home Firmware Westerndigital my Cloud Home Duo Westerndigital my Cloud Home Duo Firmware Westerndigital sandisk Ibi |
|
| References | (MISC) https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178 - Vendor Advisory | |
| CWE | CWE-22 |
01 Dec 2022, 18:21
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-12-01 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-29837
Mitre link : CVE-2022-29837
CVE.ORG link : CVE-2022-29837
JSON object : View
Products Affected
westerndigital
- my_cloud_home_duo_firmware
- my_cloud_home_duo
- sandisk_ibi_firmware
- my_cloud_home_firmware
- my_cloud_home
- sandisk_ibi
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')