3 matches found
CVE-2022-29836
CVE-2022-29836 describes a post-authenticated path traversal vulnerability in HTTP API endpoints of Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. The issue allows an authenticated attacker to manipulate parameters to access arbitrary filesystem locations and potential...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...