Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23006

Summary
Assigner-WDC PSIRT
Assigner Org ID-cb3b742e-5145-4748-b44b-5ffd45bf3b6a
Published At-27 Sep, 2022 | 13:53
Updated At-21 May, 2025 | 15:09
Rejected At-
Credits

Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WDC PSIRT
Assigner Org ID:cb3b742e-5145-4748-b44b-5ffd45bf3b6a
Published At:27 Sep, 2022 | 13:53
Updated At:21 May, 2025 | 15:09
Rejected At:
▼CVE Numbering Authority (CNA)
Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Affected Products
Vendor
Western Digital Corp.Western Digital
Product
My Cloud Home
Platforms
  • Linux
Versions
Affected
  • From 8.10.0-117 before 8.10.0-117 (custom)
Vendor
Western Digital Corp.Western Digital
Product
My Cloud Home Duo
Platforms
  • Linux
Versions
Affected
  • From 8.10.0-117 before 8.10.0-117 (custom)
Vendor
Sandisk Corp.SanDisk
Product
ibi
Platforms
  • Linux
Versions
Affected
  • From 8.10.0-117 before 8.10.0-117 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.11.8LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 1.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Your device will be automatically updated to the latest firmware version.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvd.nist.gov/vuln/detail/CVE-2022-23006
x_refsource_MISC
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2022-23006
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvd.nist.gov/vuln/detail/CVE-2022-23006
x_refsource_MISC
x_transferred
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2022-23006
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@wdc.com
Published At:27 Sep, 2022 | 23:15
Updated At:03 Oct, 2022 | 18:40

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Secondary3.11.8LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 1.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
CPE Matches
Western Digital Corp.
westerndigital
>>my_cloud_home_firmware>>Versions before 8.10.0-117(exclusive)
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
Western Digital Corp.
westerndigital
>>my_cloud_home>>-
cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*
Western Digital Corp.
westerndigital
>>my_cloud_home_duo_firmware>>Versions before 8.10.0-117(exclusive)
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
Western Digital Corp.
westerndigital
>>my_cloud_home_duo>>-
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*
Western Digital Corp.
westerndigital
>>sandisk_ibi_firmware>>Versions before 8.10.0-117(exclusive)
cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*
Western Digital Corp.
westerndigital
>>sandisk_ibi>>-
cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondarypsirt@wdc.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: psirt@wdc.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvd.nist.gov/vuln/detail/CVE-2022-23006psirt@wdc.com
Third Party Advisory
US Government Resource
https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117nvd@nist.gov
Vendor Advisory
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2022-23006
Source: psirt@wdc.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117
Source: nvd@nist.gov
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2022-22989
Matching Score-6
Assigner-Western Digital
ShareView Details
Matching Score-6
Assigner-Western Digital
CVSS Score-9.8||CRITICAL
EPSS-1.23% / 78.36%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 20:27
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pre-authenticated stack overflow vulnerability on FTP Service

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.

Action-Not Available
Vendor-Western Digital Corp.
Product-my_cloud_dl2100wd_cloudmy_cloudmy_cloud_ex4100my_cloud_ex2_ultramy_cloud_osmy_cloud_mirror_gen_2my_cloud_pr2100my_cloud_dl4100my_cloud_ex2100my_cloud_pr4100My Cloud
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12830
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.98% / 89.27%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:32
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

Action-Not Available
Vendor-n/aWestern Digital Corp.
Product-my_cloud_firmwaremy_cloud_expert_series_ex2my_cloud_mirror_-_gen_2my_cloud_pr2100my_cloud_ex4100my_cloud_pr4100n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-40897
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7||HIGH
EPSS-0.16% / 37.43%
||
7 Day CHG+0.12%
Published-26 Jul, 2024 | 06:03
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Action-Not Available
Vendor-gstreamerGStreamergstreamer
Product-orcORCorc
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10573
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.57%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 18:31
Updated-02 Jan, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mpg123: buffer overflow when writing decoded pcm samples

An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40580
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.67%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:39
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-40579
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-5.4||MEDIUM
EPSS-0.02% / 2.67%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:39
Updated-08 Jul, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to a stack-based buffer overflow. This could allow a non-privileged local attacker to execute arbitrary code on the device or to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-scalance_lpe9403scalance_lpe9403_firmwareSCALANCE LPE9403
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1125
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 14:16
Updated-12 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculation to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result the hfsplus_open_compressed_real() function will write past of the internal buffer length. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution by-passing secure boot protections.

Action-Not Available
Vendor-GNURed Hat, Inc.
Product-grub2Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9498
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 29.44%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 12:32
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora ProjectDebian GNU/Linux
Product-debian_linuxguacamolefedoraApache Guacamole
CWE ID-CWE-787
Out-of-bounds Write
Details not found