Unrated severityNVD Advisory· Published Jun 12, 2023· Updated Jan 3, 2025

Impersonation attack causing an Authentication Bypass on Western Digital devices

CVE-2022-36331

Description

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Affected products

Sandisk/ibicpe-rescue
Range: 0
Western Digital/My Cloud Home and My Cloud Home Duov5
Range: 0
Western Digital/My Cloud OS 5v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

https//www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-updatemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000