8.1
CVE-2022-36330
- EPSS 0.21%
- Veröffentlicht 10.05.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 07:12:48
- Quelle psirt@wdc.com
- Teams Watchlist Login
- Unerledigt Login
A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Westerndigital ≫ My Cloud Home Duo Firmware Version < 9.4.0-191
Westerndigital ≫ My Cloud Home Duo Firmware Version < 9.4.0-191
Westerndigital ≫ Sandisk Ibi Firmware Version < 9.4.0-191
Westerndigital ≫ My Cloud Home Firmware Version < 9.4.0-191
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.401 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@wdc.com | 1.9 | 0.5 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.