CVE-2022-29837
published 2022-12-01CVE-2022-29837: A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate…
PriorityP338high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.19%
8.8th percentile
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sandisk | ibi | >= ibi < 8.12.0-178 | 8.12.0-178 |
| western_digital | my_cloud_home | >= My Cloud Home < 8.12.0-178 | 8.12.0-178 |
| western_digital | my_cloud_home | >= My Cloud Home Duo < 8.12.0-178 | 8.12.0-178 |
| westerndigital | my_cloud_home_duo_firmware | < 8.12.0-178 | 8.12.0-178 |
| westerndigital | my_cloud_home_firmware | < 8.12.0-178 | 8.12.0-178 |
| westerndigital | sandisk_ibi_firmware | < 8.12.0-178 | 8.12.0-178 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Western Digital My Cloud Home/My Cloud Home Duo/SanDisk ibi ZIP Package path traversal (EUVD-2022-34155)
vuldb·2026-05-23·CVSS 7.8
CVE-2022-29837 [HIGH] Western Digital My Cloud Home/My Cloud Home Duo/SanDisk ibi ZIP Package path traversal (EUVD-2022-34155)
A vulnerability marked as critical has been reported in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi. This affects an unknown part of the component ZIP Package Handler. This manipulation causes path traversal.
This vulnerability is registered as CVE-2022-29837. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-xj3g-h9f3-349x: A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to init
ghsa_unreviewed·2022-12-01
CVE-2022-29837 [HIGH] CWE-22 GHSA-xj3g-h9f3-349x: A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to init
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178
2022-12-01
Published