Описание
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.12.0-178 (исключая)
Одновременно
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 8.12.0-178 (исключая)
Одновременно
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 8.12.0-178 (исключая)
Одновременно
cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00092
Низкий
4.7 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-22
CWE-22
Связанные уязвимости
CVSS3: 7.8
github
около 3 лет назад
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.
EPSS
Процентиль: 26%
0.00092
Низкий
4.7 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-22
CWE-22