{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T16:14:03.082","vulnerabilities":[{"cve":{"id":"CVE-2022-29836","sourceIdentifier":"psirt@wdc.com","published":"2022-11-09T21:15:14.507","lastModified":"2024-11-21T06:59:47.080","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux."},{"lang":"es","value":"Se descubrió una vulnerabilidad de limitación inadecuada de un nombre de ruta a un  Restricted Directory (\"Path Traversal\") a través de una API HTTP en Western Digital My Cloud Home; My Cloud Home Duo; y dispositivos SanDisk ibi que podrían permitir a un atacante abusar de ciertos parámetros para señalar ubicaciones aleatorias en el sistema de archivos. Esto también podría permitir al atacante iniciar la instalación de paquetes personalizados en estas ubicaciones. Esto sólo puede explotarse una vez que el atacante se haya autenticado en el dispositivo. Este problema afecta a: versiones de Western Digital My Cloud Home y My Cloud Home Duo anteriores a 8.11.0-113 en Linux; Versiones de SanDisk ibi anteriores a 8.11.0-113 en Linux."}],"metrics":{"cvssMetricV31":[{"source":"psirt@wdc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"psirt@wdc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.11.0-113","matchCriteriaId":"8F17551C-A43E-459B-B6E0-F24ACD31EA65"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*","matchCriteriaId":"2BE2FBAB-5BA0-4F09-A76E-4A6869668810"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.11.0-113","matchCriteriaId":"308ED732-766A-4342-96C9-59A12A64DBCA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*","matchCriteriaId":"124BBC79-65A2-465C-B784-D21E57E96F63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.11.0-113","matchCriteriaId":"172BFB9E-49F1-4E76-944E-914855932EF5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*","matchCriteriaId":"296ADA43-16BA-4444-B472-DB945FB917B2"}]}]}],"references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113","source":"psirt@wdc.com","tags":["Vendor Advisory"]},{"url":"https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}