CVE-2022-36331
Last modified
CVE-2022-36331 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102. . EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Pr2100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Pr4100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Ex4100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Ex2 Ultra Firmware | < 5.25.132 |
| Westerndigital | My Cloud Mirror G2 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Dl2100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Dl4100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Ex2100 Firmware | < 5.25.132 |
| Westerndigital | My Cloud Home Firmware | < 8.13.1-102 |
| Westerndigital | My Cloud Home Duo Firmware | < 8.13.1-102 |
| Westerndigital | Sandisk Ibi Firmware | < 8.13.1-102 |
| Westerndigital | My Cloud Firmware | < 5.25.132 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-36331?
How severe is CVE-2022-36331?
How do I fix CVE-2022-36331?
Are you affected by CVE-2022-36331?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST