CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29836

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.9%

CVSS Severity

CVSS v3 Score 1.9

References

Products affected by CVE-2022-29836

Westerndigital » My Cloud Home » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_home:-
Westerndigital » My Cloud Home Duo » Version: N/A

cpe:2.3:h:westerndigital:my_cloud_home_duo:-
Westerndigital » Sandisk Ibi » Version: N/A

cpe:2.3:h:westerndigital:sandisk_ibi:-
Westerndigital » My Cloud Home Duo Firmware » Version: N/A

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:-
Westerndigital » My Cloud Home Duo Firmware » Version: 7.15.1-101

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:7.15.1-101
Westerndigital » My Cloud Home Duo Firmware » Version: 7.16.0-220

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:7.16.0-220
Westerndigital » My Cloud Home Duo Firmware » Version: 8.10.0-117

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.10.0-117
Westerndigital » My Cloud Home Duo Firmware » Version: 8.2.0-132

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.2.0-132
Westerndigital » My Cloud Home Duo Firmware » Version: 8.5.1-102

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.5.1-102
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.0-117

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.0-117
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.1-100

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.1-100
Westerndigital » My Cloud Home Duo Firmware » Version: 8.6.2-102

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.6.2-102
Westerndigital » My Cloud Home Duo Firmware » Version: 8.7.0-107

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:8.7.0-107
Westerndigital » My Cloud Home Firmware » Version: N/A

cpe:2.3:o:westerndigital:my_cloud_home_firmware:-
Westerndigital » My Cloud Home Firmware » Version: 7.15.1-101

cpe:2.3:o:westerndigital:my_cloud_home_firmware:7.15.1-101
Westerndigital » My Cloud Home Firmware » Version: 7.16.0-220

cpe:2.3:o:westerndigital:my_cloud_home_firmware:7.16.0-220
Westerndigital » My Cloud Home Firmware » Version: 8.10.0-117

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.10.0-117
Westerndigital » My Cloud Home Firmware » Version: 8.2.0-132

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.2.0-132
Westerndigital » My Cloud Home Firmware » Version: 8.5.1-102

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.5.1-102
Westerndigital » My Cloud Home Firmware » Version: 8.6.0-117

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.0-117
Westerndigital » My Cloud Home Firmware » Version: 8.6.1-100

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.1-100
Westerndigital » My Cloud Home Firmware » Version: 8.6.2-102

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.6.2-102
Westerndigital » My Cloud Home Firmware » Version: 8.7.0-107

cpe:2.3:o:westerndigital:my_cloud_home_firmware:8.7.0-107
Westerndigital » Sandisk Ibi Firmware » Version: N/A

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:-
Westerndigital » Sandisk Ibi Firmware » Version: 8.10.0-117

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:8.10.0-117

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29836

Products

Pricing

Contact Us