Description
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
CVSS Metrics
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- local
- Complexity
- high
- Privileges
- high
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-120CWE-120
Metadata
- Primary Vendor
- WESTERNDIGITAL
- Published
- 5/10/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
westerndigital : my_cloud_home_duo_firmwarewesterndigital : my_cloud_home_duo_firmwarewesterndigital : sandisk_ibi_firmwarewesterndigital : my_cloud_home_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.