cbcvebase.
CVE-2022-29837
published 2022-12-01

CVE-2022-29837: A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate…

PriorityP338high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.19%
8.8th percentile
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Affected

6 ranges
VendorProductVersion rangeFixed in
sandiskibi>= ibi < 8.12.0-1788.12.0-178
western_digitalmy_cloud_home>= My Cloud Home < 8.12.0-1788.12.0-178
western_digitalmy_cloud_home>= My Cloud Home Duo < 8.12.0-1788.12.0-178
westerndigitalmy_cloud_home_duo_firmware< 8.12.0-1788.12.0-178
westerndigitalmy_cloud_home_firmware< 8.12.0-1788.12.0-178
westerndigitalsandisk_ibi_firmware< 8.12.0-1788.12.0-178
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.