Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

westerndigital my cloud home duo firmware vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2

CVE-2022-22997

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an malicious user to execute unsigned code on My Cloud Home devices.
Westerndigital My Cloud Home Duo FirmwareWesterndigital My Cloud Home Firmware
5
CVSSv2

CVE-2022-22998

Implemented protections on AWS credentials that were not properly protected.
Westerndigital My Cloud Home Duo FirmwareWesterndigital My Cloud Home Firmware
NA

CVE-2023-22817

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was ad...
Westerndigital My Cloud Pr2100 FirmwareWesterndigital My Cloud Pr4100 FirmwareWesterndigital My Cloud Ex4100 FirmwareWesterndigital My Cloud Ex2 Ultra FirmwareWesterndigital My Cloud Mirror G2 FirmwareWesterndigital My Cloud Dl2100 FirmwareWesterndigital My Cloud Dl4100 FirmwareWesterndigital My Cloud Ex2100 FirmwareWesterndigital My Cloud Glacier FirmwareWesterndigital Wd Cloud FirmwareWesterndigital My Cloud Home FirmwareWesterndigital My Cloud Home Duo FirmwareWesterndigital Sandisk Ibi Firmware
NA

CVE-2023-22819

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted exists in Western Digital My Cloud Home, My Cloud Home Duo, SanD...
Westerndigital My Cloud Pr4100 FirmwareWesterndigital My Cloud Ex4100 FirmwareWesterndigital My Cloud Ex2 Ultra FirmwareWesterndigital My Cloud Mirror G2 FirmwareWesterndigital My Cloud Dl2100 FirmwareWesterndigital My Cloud Dl4100 FirmwareWesterndigital My Cloud Ex2100 FirmwareWesterndigital My Cloud Glacier FirmwareWesterndigital Wd Cloud FirmwareWesterndigital My Cloud Home FirmwareWesterndigital My Cloud Home Duo FirmwareWesterndigital Sandisk Ibi Firmware
NA

CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated malicious user to gain access to user data. This issue affects My Cloud OS 5 devices: prior to 5.25.132; My Cloud Hom...
Westerndigital My Cloud Pr2100 FirmwareWesterndigital My Cloud Pr4100 FirmwareWesterndigital My Cloud Ex4100 FirmwareWesterndigital My Cloud Ex2 Ultra FirmwareWesterndigital My Cloud Mirror G2 FirmwareWesterndigital My Cloud Dl2100 FirmwareWesterndigital My Cloud Dl4100 FirmwareWesterndigital My Cloud Ex2100 FirmwareWesterndigital My Cloud Home FirmwareWesterndigital My Cloud Home Duo FirmwareWesterndigital Sandisk Ibi FirmwareWesterndigital My Cloud Firmware
NA

CVE-2022-36326

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted exists in Western Digital My Cloud Home, My Cloud Home Duo, SanD...
Westerndigital My Cloud Os 5Westerndigital My Cloud Home FirmwareWesterndigital Sandisk Ibi FirmwareWesterndigital My Cloud Home Duo Firmware
NA

CVE-2022-36328

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an malicious user to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations exists in Weste...
Westerndigital My Cloud Os 5Westerndigital My Cloud Home FirmwareWesterndigital Sandisk Ibi FirmwareWesterndigital My Cloud Home Duo Firmware
NA

CVE-2022-36327

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an malicious user to write files to locations with certain critical filesystem types leading to remote code execution exists in Western Digital My Cloud Home, M...
Westerndigital My Cloud Os 5Westerndigital My Cloud Home FirmwareWesterndigital Sandisk Ibi FirmwareWesterndigital My Cloud Home Duo Firmware
NA

CVE-2022-36329

An improper privilege management issue that could allow an malicious user to cause a denial of service over the OTA mechanism exists in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: prior to 9.4.0-...
Westerndigital My Cloud Home FirmwareWesterndigital My Cloud Home Duo FirmwareWesterndigital Sandisk Ibi Firmware
NA

CVE-2022-36330

A buffer overflow vulnerability exists on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise ...
Westerndigital My Cloud Home Duo FirmwareWesterndigital Sandisk Ibi FirmwareWesterndigital My Cloud Home Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834CVE-2024-30100CVE-2024-4577physicaldosCVE-2024-30099CVE-2024-27801CVE-2024-32146logic flaw
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook