CVE-2022-36326

Published: May 18, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.

Affected (4)

Products: Westerndigital: My Cloud Os 5, My Cloud Home Firmware, Sandisk Ibi Firmware, My Cloud Home Duo Firmware

Westerndigital

4 products

My Cloud Os 5

My Cloud Home Firmware

Sandisk Ibi Firmware

My Cloud Home Duo Firmware

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Westerndigital My Cloud Os 5	Before 5.26.202

Running on/with	Platform Versions
Westerndigital My Cloud	All versions
Westerndigital My Cloud Dl2100	All versions
Westerndigital My Cloud Dl4100	All versions
Westerndigital My Cloud Ex2100	All versions
Westerndigital My Cloud Ex2 Ultra	All versions
Westerndigital My Cloud Ex4100	All versions
Westerndigital My Cloud Mirror G2	All versions
Westerndigital My Cloud Pr2100	All versions
Westerndigital My Cloud Pr4100	All versions
Westerndigital Wd Cloud	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Westerndigital My Cloud Home Firmware	Before 9.4.0-191

Running on/with	Platform Versions
Westerndigital My Cloud Home	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Westerndigital Sandisk Ibi Firmware	Before 9.4.0-191

Running on/with	Platform Versions
Westerndigital Sandisk Ibi	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Westerndigital My Cloud Home Duo Firmware	Before 9.4.0-191

Running on/with	Platform Versions
Westerndigital My Cloud Home Duo	All versions

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191

Source: psirt@wdc.com

Release NotesVendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

Source: psirt@wdc.com

Release NotesVendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.