Improper Authentication in Western Digital products - CVE-2022-36331
Published: June 12, 2023
Vulnerability identifier: #VU77147
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-36331
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud Home
My Cloud Home Duo
SanDisk ibi
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud Home
My Cloud Home Duo
SanDisk ibi
Software vendor:
Western Digital
Western Digital
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within the way the device connects with cloud services. A remote attacker can bypass authentication process and gain access to user data.
Remediation
Install updates from vendor's website.