Westerndigital My Cloud Home Duo Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Westerndigital My Cloud Home Duo Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2022-36331 — CVSS 10.0 (critical): Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could…
CVE-2022-22997 — CVSS 6.8 (medium): Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that…
CVE-2022-36327 — CVSS 5.8 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to…
CVE-2022-36328 — CVSS 5.8 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create…
CVE-2023-22817 — CVSS 5.5 (medium): Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS…
CVE-2023-22819 — CVSS 4.9 (medium): An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large…
CVE-2022-29837 — CVSS 4.7 (medium): A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an…
CVE-2022-36326 — CVSS 4.4 (medium): An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large…
CVE-2022-36329 — CVSS 4.4 (medium): An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in…
CVE-2022-36330 — CVSS 1.9 (low): A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution…
CVE-2022-29836 — CVSS 1.9 (low): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western…
CVE-2022-23006 — CVSS 1.8 (low): A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow…