WDC-23003 Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 9.4.0-191

Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 9.4.0-191

WDC Tracking Number: WDC-23003
Product Line: My Cloud Home, My Cloud Home Duo, and SanDisk ibi
Published: February 13, 2023

Last Updated: March 23, 2023

Description

Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi firmware versions 9.4.0-191 and higher include updates to help improve the security of your devices.

Your devices will be automatically updated to reflect the latest firmware version.

Product Impact

Minimum Fix Version

Last Updated

My Cloud Home

9.4.0-191

February 8, 2023

My Cloud Home Duo

9.4.0-191

February 8, 2023

SanDisk ibi

9.4.0-191

February 8, 2023

For more information on the latest security updates, see the release notes.

Advisory Summary

Addressed an uncontrolled resource consumption issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted.

CVE Number: CVE-2022-36326

Reported By: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro’s Zero Day Initiative

Addressed a path traversal vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution.

CVE Number: CVE-2022-36327

Reported By: Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro’s Zero Day Initiative

Addressed a path traversal vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations.

CVE Number: CVE-2022-36328

Reported By: Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro’s Zero Day Initiative

Addressed an improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism.

CVE Number: CVE-2022-36329

Addressed a buffer overflow vulnerability on firmware version validation that could lead to an unauthenticated remote code execution.

CVE Number: CVE-2022-36330

Add up to 4 products

{{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Compare

Details & Exclusions

Details & Exclusions

Details & Exclusions

Details & Exclusions

Sign In

Sign In for Business

Resend Verification Email

Reset Password

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi Firmware Version 9.4.0-191

Description

Advisory Summary

News and updates straight to your inbox