CVE-2022-23006
published 2022-09-27


Priority: P4 30 | medium | 6.7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.26% (17.5th percentile)

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sandisk | ibi | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| western_digital | my_cloud_home | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| western_digital | my_cloud_home_duo | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| westerndigital | my_cloud_home_duo_firmware | < 8.10.0-117 | 8.10.0-117 |
| westerndigital | my_cloud_home_firmware | < 8.10.0-117 | 8.10.0-117 |
| westerndigital | sandisk_ibi_firmware | < 8.10.0-117 | 8.10.0-117 |