Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
History
21 Jun 2023, 13:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Westerndigital my Cloud Pr2100 Firmware
Westerndigital my Cloud Pr4100 Westerndigital my Cloud Ex4100 Westerndigital my Cloud Home Duo Westerndigital my Cloud Firmware Westerndigital my Cloud Pr4100 Firmware Westerndigital my Cloud Ex2 Ultra Firmware Westerndigital my Cloud Westerndigital my Cloud Dl4100 Firmware Westerndigital my Cloud Home Duo Firmware Westerndigital my Cloud Mirror G2 Westerndigital Westerndigital my Cloud Dl2100 Firmware Westerndigital my Cloud Pr2100 Westerndigital sandisk Ibi Westerndigital my Cloud Ex2100 Firmware Westerndigital sandisk Ibi Firmware Westerndigital my Cloud Home Westerndigital my Cloud Mirror G2 Firmware Westerndigital my Cloud Ex4100 Firmware Westerndigital my Cloud Ex2100 Westerndigital my Cloud Dl2100 Westerndigital my Cloud Home Firmware Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Dl4100 |
|
References |
|
|
References | (MISC) https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update - Broken Link | |
CPE | cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-290 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
12 Jun 2023, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-12 18:15
Updated : 2023-12-10 15:01
NVD link : CVE-2022-36331
Mitre link : CVE-2022-36331
CVE.ORG link : CVE-2022-36331
JSON object : View
Products Affected
westerndigital
- my_cloud_mirror_g2_firmware
- sandisk_ibi_firmware
- my_cloud_ex4100
- my_cloud_dl4100_firmware
- my_cloud_pr2100
- my_cloud_ex4100_firmware
- my_cloud_ex2100
- my_cloud_ex2_ultra
- my_cloud_home_duo_firmware
- my_cloud_home
- my_cloud_home_duo
- my_cloud_ex2_ultra_firmware
- my_cloud_ex2100_firmware
- my_cloud_dl2100
- my_cloud_pr4100
- my_cloud_dl2100_firmware
- my_cloud_mirror_g2
- my_cloud_pr4100_firmware
- my_cloud_pr2100_firmware
- my_cloud_home_firmware
- sandisk_ibi
- my_cloud_firmware
- my_cloud
- my_cloud_dl4100
CWE
CWE-290
Authentication Bypass by Spoofing