CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-36331

CVSS 10.0v3.1pub. 2023-06-12upd. 2024-11-21

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Westerndigital My Cloud

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Dl2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Dl2100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Dl4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Dl4100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Ex2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex2100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Ex2 Ultra

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex2 Ultra Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Ex4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Ex4100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Home

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Home Duo

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Home Duo Firmware

    OS
    Westerndigital
    < 8.13.1-102
  • Westerndigital My Cloud Home Firmware

    OS
    Westerndigital
    < 8.13.1-102
  • Westerndigital My Cloud Mirror G2

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Mirror G2 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Pr2100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Pr2100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital My Cloud Pr4100

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital My Cloud Pr4100 Firmware

    OS
    Westerndigital
    < 5.25.132
  • Westerndigital Sandisk Ibi

    HW
    Westerndigital
    wszystkie wersje
  • Westerndigital Sandisk Ibi Firmware

    OS
    Westerndigital
    < 8.13.1-102
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-22814CRITICAL10.0ten sam produkt

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that co...

CVE-2022-29842CRITICAL9.8ten sam produkt

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could a...

CVE-2021-36226CRITICAL9.8ten sam produkt

Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.

CVE-2021-36224CRITICAL9.8ten sam produkt

Western Digital My Cloud devices before OS5 have a nobody account with a blank password.

CVE-2022-22995CRITICAL10.0ten sam produkt

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writi...