Description
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- changed
- Confidentiality
- high
- Integrity
- high
- Availability
- high
- Weaknesses
- CWE-290CWE-290
Metadata
- Primary Vendor
- WESTERNDIGITAL
- Published
- 6/12/2023
- Last Modified
- 11/21/2024
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
westerndigital : my_cloud_pr2100_firmwarewesterndigital : my_cloud_pr4100_firmwarewesterndigital : my_cloud_ex4100_firmwarewesterndigital : my_cloud_ex2_ultra_firmwarewesterndigital : my_cloud_mirror_g2_firmwarewesterndigital : my_cloud_dl2100_firmwarewesterndigital : my_cloud_dl4100_firmwarewesterndigital : my_cloud_ex2100_firmwarewesterndigital : my_cloud_home_firmwarewesterndigital : my_cloud_home_duo_firmwarewesterndigital : sandisk_ibi_firmwarewesterndigital : my_cloud_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.