Skip to main content

My Cloud Home Duo Firmware

5 CVEs product

Monthly

CVE-2022-29837 HIGH This Week

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-29836 MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal My Cloud Home Firmware My Cloud Home Duo Firmware Sandisk Ibi Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-23006 MEDIUM This Month

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read. Rated medium severity (CVSS 6.7). No vendor patch available.

RCE Stack Overflow Buffer Overflow My Cloud Home Firmware My Cloud Home Duo Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-22998 HIGH This Week

Implemented protections on AWS credentials that were not properly protected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure My Cloud Home Duo Firmware My Cloud Home Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-22997 CRITICAL Act Now

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection My Cloud Home Duo Firmware My Cloud Home Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
EPSS 0% CVSS 7.8
HIGH This Week

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE My Cloud Home Firmware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal My Cloud Home Firmware My Cloud Home Duo Firmware +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read. Rated medium severity (CVSS 6.7). No vendor patch available.

RCE Stack Overflow Buffer Overflow +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Implemented protections on AWS credentials that were not properly protected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure My Cloud Home Duo Firmware My Cloud Home Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection My Cloud Home Duo Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy