Description
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
- Attack Vector
- local
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- high
- Availability
- none
- Weaknesses
- CWE-22CWE-22
Metadata
- Primary Vendor
- WESTERNDIGITAL
- Published
- 12/1/2022
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
westerndigital : my_cloud_home_firmwarewesterndigital : my_cloud_home_duo_firmwarewesterndigital : sandisk_ibi_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.