CVE-2022-29837
CVSS V2 None
CVSS V3 None
Description
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Overview
- CVE ID
- CVE-2022-29837
- Assigner
- psirt@wdc.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-01T17:15:11
- Last Modified Date
- 2022-12-06T16:44:22
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* | 1 | OR | 8.12.0-178 | |
cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:* | 1 | OR | 8.12.0-178 | |
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:* | 1 | OR | 8.12.0-178 | |
cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:* | 0 | OR |
References
Reference URL | Reference Tags |
---|---|
https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178 | Vendor Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-29837 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29837 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-12-07 18:05:53 | Added to TrackCVE | |||
2022-12-18 04:33:58 | 2022-12-01T17:15:11.290 | 2022-12-01T17:15:11 | CVE Published Date | updated |
2022-12-18 04:33:58 | 2022-12-06T16:44:22 | CVE Modified Date | updated |