CVE-2022-36329— Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices

CVSS 4.4 · Medium EPSS 0.11% · P30 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-36329

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices

Source: NVD (National Vulnerability Database)

Vulnerability Description

An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

未加控制的资源消耗(资源穷尽)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Western Digital My Cloud Home 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Western Digital My Cloud Home是美国西部数据（Western Digital）公司的一款易于使用的个人云存储设备。可直接插入 Wi-Fi 路由器，从而保护数字生活。 Western Digital My Cloud Home 9.4.0-191之前版本和 My Cloud Home Duo 9.4.0-191之前版本存在安全漏洞，该漏洞源于存在不当的权限管理，攻击者通过OTA机制导致拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Western Digital	My Cloud Home and My Cloud Home Duo	0 ~ 9.4.0-191	-
SanDisk	ibi	0 ~ 9.4.0-191	-

II. Public POCs for CVE-2022-36329

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-36329

请登录查看更多情报信息。

Same Patch Batch · Western Digital · 2023-05-10 · 4 CVEs total

CVE-2022-29842	9.8 CRITICAL	Command Injection Vulnerability in Western Digital My Cloud devices
CVE-2022-29841	8.0 HIGH	OS Command Injection vulnerability in Western Digital My Cloud devices
CVE-2022-29840	5.1 MEDIUM	Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices

IV. Related Vulnerabilities

Same product: My Cloud Home and My Cloud Home Duo

Same vendor: Western Digital

Same weakness: CWE-400

V. Comments for CVE-2022-36329

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-36329— Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices

I. Basic Information for CVE-2022-36329

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-36329

III. Intelligence Information for CVE-2022-36329

Same Patch Batch · Western Digital · 2023-05-10 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-36329

Leave a comment