Westerndigital Sandisk_ibi_firmware
11 CVEs affecting Westerndigital Sandisk_ibi_firmware. Latest disclosed: 2024-02-05. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36331 | Critical | 10.0 | 2023-06-12 | Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica… |
CVE-2022-36328 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra… |
CVE-2022-36327 | Medium | 5.8 | 2023-05-18 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert… |
CVE-2023-22817 | Medium | 5.5 | 2024-02-05 | Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back… |
CVE-2023-22819 | Medium | 4.9 | 2024-02-05 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua… |
CVE-2022-29837 | Medium | 4.7 | 2022-12-01 | A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate inst… |
CVE-2022-36326 | Medium | 4.4 | 2023-05-18 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua… |
CVE-2022-36329 | Medium | 4.4 | 2023-05-10 | An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cl… |
CVE-2022-36330 | Low | 1.9 | 2023-05-10 | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My… |
CVE-2022-29836 | Low | 1.9 | 2022-11-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; M… |
CVE-2022-23006 | Low | 1.8 | 2022-09-27 | A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessi… |