2 matches found
CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
CVE-2023-22817
CVE-2023-22817 describes an SSRF vulnerability in Western Digital My Cloud OS 5 (prior to 5.27.161), My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices (prior to 9.5.1-104). The issue stems from insufficient validation of incoming requests, allowing a rogue server on the local network to m...