CVE-2022-36331

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
WDC PSIRTCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
westerndigitalmy_cloud_pr2100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_pr4100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_ex4100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_ex2_ultra_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_mirror_g2_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_dl2100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_dl4100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_ex2100_firmware
𝑥
< 5.25.132
westerndigitalmy_cloud_home_firmware
𝑥
< 8.13.1-102
westerndigitalmy_cloud_home_duo_firmware
𝑥
< 8.13.1-102
westerndigitalsandisk_ibi_firmware
𝑥
< 8.13.1-102
westerndigitalmy_cloud_firmware
𝑥
< 5.25.132
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update
https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update
https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update