CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.9%

CVSS Severity

CVSS v3 Score 1.8

References

Products affected by CVE-2022-23006

Westerndigital » My Cloud Home » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_home:-
Westerndigital » My Cloud Home Duo » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_home_duo:-
Westerndigital » Sandisk Ibi » Version: N/A

cpe:2.3:h:westerndigital:sandisk_ibi:-
Westerndigital » My Cloud Home Duo Firmware » Version: N/A

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:-
Westerndigital » My Cloud Home Duo Firmware » Version: 7.15.1-101

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:7.15.1-101
Westerndigital » My Cloud Home Duo Firmware » Version: 7.16.0-220

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:7.16.0-220
Westerndigital » My Cloud Home Duo Firmware » Version: 8.2.0-132

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.2.0-132
Westerndigital » My Cloud Home Duo Firmware » Version: 8.5.1-102

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.5.1-102
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.0-117

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.0-117
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.1-100

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.1-100
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.2-102

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.2-102
Westerndigital » My Cloud Home Duo Firmware » Version: 8.7.0-107

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.7.0-107
Westerndigital » My Cloud Home Firmware » Version: N/A

cpe:2.3:o:westerndigital:my_cloud_home_firmware:-
Westerndigital » My Cloud Home Firmware » Version: 7.15.1-101

cpe:2.3:o:westerndigital:my_cloud_home_firmware:7.15.1-101
Westerndigital » My Cloud Home Firmware » Version: 7.16.0-220

cpe:2.3:o:westerndigital:my_cloud_home_firmware:7.16.0-220
Westerndigital » My Cloud Home Firmware » Version: 8.2.0-132

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.2.0-132
Westerndigital » My Cloud Home Firmware » Version: 8.5.1-102

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.5.1-102
Westerndigital » My Cloud Home Firmware » Version: 8.6.0-117

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.0-117
Westerndigital » My Cloud Home Firmware » Version: 8.6.1-100

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.1-100
Westerndigital » My Cloud Home Firmware » Version: 8.6.2-102

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.2-102
Westerndigital » My Cloud Home Firmware » Version: 8.7.0-107

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.7.0-107
Westerndigital » Sandisk Ibi Firmware » Version: N/A

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23006

Products

Pricing

Contact Us