← Back

CVE-2022-36331

nvd nist
Published: Jun 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Affected (12)

Westerndigital
12 products
My Cloud Pr2100 Firmware
My Cloud Pr4100 Firmware
My Cloud Ex4100 Firmware
My Cloud Ex2 Ultra Firmware
My Cloud Mirror G2 Firmware
My Cloud Dl2100 Firmware
My Cloud Dl4100 Firmware
My Cloud Ex2100 Firmware
My Cloud Home Firmware
My Cloud Home Duo Firmware
Sandisk Ibi Firmware
My Cloud Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr2100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Pr2100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr4100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Pr4100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex4100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Ex4100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2 Ultra Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Ex2 Ultra
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Mirror G2 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Mirror G2
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl2100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Dl2100
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl4100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Dl4100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2100 Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud Ex2100
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Home Firmware
Before 8.13.1-102
Running on/withPlatform Versions
Westerndigital
My Cloud Home
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Home Duo Firmware
Before 8.13.1-102
Running on/withPlatform Versions
Westerndigital
My Cloud Home Duo
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sandisk Ibi Firmware
Before 8.13.1-102
Running on/withPlatform Versions
Westerndigital
Sandisk Ibi
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Firmware
Before 5.25.132
Running on/withPlatform Versions
Westerndigital
My Cloud
All versions

Related CWEs

CWE-290
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (3)

Source: psirt@wdc.com
Broken Link
Source: nvd@nist.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.