CVE-2022-29837

MEDIUM

Western Digital My Cloud Home/Duo & SanDisk ibi <8.12.0-178 Path Traversal & Arbitrary File Write

Title source: llm

Description

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

References (1)

Core 1

Core References

Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178

Scores

CVSS v3 4.7

EPSS 0.0019

EPSS Percentile 8.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (3)

westerndigital/my_cloud_home_duo_firmware < 8.12.0-178

westerndigital/my_cloud_home_firmware < 8.12.0-178

westerndigital/sandisk_ibi_firmware < 8.12.0-178

Published Dec 01, 2022

Tracked Since Feb 18, 2026