CVE-2022-36330 LOW

CVE-2022-36330: Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices

Vendor Western Digital
Product My Cloud Home and My Cloud Home Duo
Weakness CWE-120
Published May 9, 2023
Last update January 28, 2025

CVSS base score

1.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. 

Key dates

02Disclosure timeline

May 9, 2023 CVE published
January 28, 2025 Record updated