CVE-2022-23006 LOW

CVE-2022-23006: Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi

Vendor Western Digital
Product My Cloud Home
Weakness CWE-121
Published September 27, 2022
Last update May 21, 2025

CVSS base score

1.8/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Key dates

02Disclosure timeline

September 27, 2022 CVE published
May 21, 2025 Record updated