CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Published: Jun 12, 2023
Updated: Jun 22, 2023
CVE: CVE-2022-36331
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-290

Affected Software
References

Software	From	Fixed in
westerndigital / my_cloud_pr2100_firmware	-	5.25.132
westerndigital / my_cloud_pr4100_firmware	-	5.25.132
westerndigital / my_cloud_ex4100_firmware	-	5.25.132
westerndigital / my_cloud_ex2_ultra_firmware	-	5.25.132
westerndigital / my_cloud_mirror_g2_firmware	-	5.25.132
westerndigital / my_cloud_dl2100_firmware	-	5.25.132
westerndigital / my_cloud_dl4100_firmware	-	5.25.132
westerndigital / my_cloud_ex2100_firmware	-	5.25.132
westerndigital / my_cloud_home_firmware	-	8.13.1-102
westerndigital / my_cloud_home_duo_firmware	-	8.13.1-102
westerndigital / sandisk_ibi_firmware	-	8.13.1-102
westerndigital / my_cloud_firmware	-	5.25.132

Vulnerability Database

289,784

CVE-2022-36331