WDC Tracking Number: WDC-22020
Product Line/Web: My Cloud, My Cloud Home,
My Cloud Home Duo, and SanDisk ibi
Published: December 21, 2022
Last Updated: December 21, 2022
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an information disclosure that could allow an unauthenticated attacker to gain access to user data. The updated firmware versions noted below include security updates to address this vulnerability.
All My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices will be automatically updated to the latest firmware version.
Users of other My Cloud devices should promptly update to the latest firmware by clicking the firmware update notification to receive the latest security fixes. However, please note that My Cloud users running firmware versions 5.16 and older, will need to refer to this KBA in order to update their devices.
For more information on the latest security updates, see the following release notes:
My Cloud Devices
My Cloud Home/MyCloud Home Duo/SanDisk ibiDevices
The information disclosure issue has been resolved by making changes to the token authentication mechanism.
CVE Number: CVE-2022-29840