CVE-2022-29836
Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.
Se descubrió una vulnerabilidad de limitación inadecuada de un nombre de ruta a un Restricted Directory ("Path Traversal") a través de una API HTTP en Western Digital My Cloud Home; My Cloud Home Duo; y dispositivos SanDisk ibi que podrían permitir a un atacante abusar de ciertos parámetros para señalar ubicaciones aleatorias en el sistema de archivos. Esto también podría permitir al atacante iniciar la instalación de paquetes personalizados en estas ubicaciones. Esto sólo puede explotarse una vez que el atacante se haya autenticado en el dispositivo. Este problema afecta a: versiones de Western Digital My Cloud Home y My Cloud Home Duo anteriores a 8.11.0-113 en Linux; Versiones de SanDisk ibi anteriores a 8.11.0-113 en Linux.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-04-27 CVE Reserved
- 2022-11-09 CVE Published
- 2023-11-16 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Westerndigital Search vendor "Westerndigital" | My Cloud Home Firmware Search vendor "Westerndigital" for product "My Cloud Home Firmware" | < 8.11.0-113 Search vendor "Westerndigital" for product "My Cloud Home Firmware" and version " < 8.11.0-113" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Home Search vendor "Westerndigital" for product "My Cloud Home" | - | - |
Safe
|
Westerndigital Search vendor "Westerndigital" | My Cloud Home Duo Firmware Search vendor "Westerndigital" for product "My Cloud Home Duo Firmware" | < 8.11.0-113 Search vendor "Westerndigital" for product "My Cloud Home Duo Firmware" and version " < 8.11.0-113" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Home Duo Search vendor "Westerndigital" for product "My Cloud Home Duo" | - | - |
Safe
|
Westerndigital Search vendor "Westerndigital" | Sandisk Ibi Firmware Search vendor "Westerndigital" for product "Sandisk Ibi Firmware" | < 8.11.0-113 Search vendor "Westerndigital" for product "Sandisk Ibi Firmware" and version " < 8.11.0-113" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | Sandisk Ibi Search vendor "Westerndigital" for product "Sandisk Ibi" | - | - |
Safe
|