CVE-2022-36330 Vulnerability Details

  /     /     /  

CVE-2022-36330 Metadata Quick Info

CVE Published: 09/05/2023 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WDC PSIRT | Vendor: Western Digital | Product: My Cloud Home and My Cloud Home Duo
Status : PUBLISHED

---

CVE-2022-36330 Description

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. 

Metrics

CVSS Version: 3.1 | Base Score: 1.9 LOW
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-120
CWE Name: CWE-120 Buffer Copy without Checking Size of Input ( Classic Buffer Overflow )
Source: Western Digital

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).