Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-36331
HistoryJun 12, 2023 - 6:15 p.m.

CVE-2022-36331

2023-06-1218:15:09
CWE-290
[email protected]
web.nvd.nist.gov
2
vulnerability
western digital
my cloud
sandisk ibi
unauthenticated access
user data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Affected configurations

Nvd
Node
westerndigitalmy_cloud_pr2100Match-
AND
westerndigitalmy_cloud_pr2100_firmwareRange<5.25.132
Node
westerndigitalmy_cloud_pr4100Match-
AND
westerndigitalmy_cloud_pr4100_firmwareRange<5.25.132
Node
westerndigitalmy_cloud_ex4100_firmwareRange<5.25.132
AND
westerndigitalmy_cloud_ex4100Match-
Node
westerndigitalmy_cloud_ex2_ultra_firmwareRange<5.25.132
AND
westerndigitalmy_cloud_ex2_ultraMatch-
Node
westerndigitalmy_cloud_mirror_g2_firmwareRange<5.25.132
AND
westerndigitalmy_cloud_mirror_g2Match-
Node
westerndigitalmy_cloud_dl2100_firmwareRange<5.25.132
AND
westerndigitalmy_cloud_dl2100Match-
Node
westerndigitalmy_cloud_dl4100Match-
AND
westerndigitalmy_cloud_dl4100_firmwareRange<5.25.132
Node
westerndigitalmy_cloud_ex2100Match-
AND
westerndigitalmy_cloud_ex2100_firmwareRange<5.25.132
Node
westerndigitalmy_cloud_homeMatch-
AND
westerndigitalmy_cloud_home_firmwareRange<8.13.1-102
Node
westerndigitalmy_cloud_home_duoMatch-
AND
westerndigitalmy_cloud_home_duo_firmwareRange<8.13.1-102
Node
westerndigitalsandisk_ibiMatch-
AND
westerndigitalsandisk_ibi_firmwareRange<8.13.1-102
Node
westerndigitalmy_cloudMatch-
AND
westerndigitalmy_cloud_firmwareRange<5.25.132
VendorProductVersionCPE
westerndigitalmy_cloud_pr2100-cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr2100_firmware*cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100-cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100_firmware*cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100_firmware*cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100-cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra_firmware*cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra-cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_g2_firmware*cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_g2-cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 241

Related

zdi 2
prion 1
openvas 1
cvelist 1
cve 1
zdi
zdi
(Pwn2Own) Western Digital MyCloud PR4100 Information Disclosure Vulnerability
2023-06-08 00:00:00
(Pwn2Own) Western Digital MyCloud PR4100 Authentication Bypass Vulnerability
2023-06-08 00:00:00
prion
prion
Code injection
2023-06-12 18:15:00
openvas
openvas
Western Digital My Cloud Multiple Products 5.x < 5.25.132 Authentication Bypass Vulnerability (WDC-22020)
2023-01-02 00:00:00
cvelist
cvelist
CVE-2022-36331 Impersonation attack causing an Authentication Bypass on Western Digital devices
2023-06-12 17:57:51
cve
cve
CVE-2022-36331
2023-06-12 18:15:09

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

46.4%

JSON
Related for NVD:CVE-2022-36331
zdi2prion1openvas1cvelist1cve1