Improper Authentication in Western Digital products - CVE-2022-36331
Published: June 12, 2023
Vulnerability identifier: #VU77147
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-36331
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Western Digital
Affected software:
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud Home
My Cloud Home Duo
SanDisk ibi
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud Home
My Cloud Home Duo
SanDisk ibi
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within the way the device connects with cloud services. A remote attacker can bypass authentication process and gain access to user data.
How to mitigate CVE-2022-36331
Install updates from vendor's website.