cve/2022/CVE-2022-29837.md

### [CVE-2022-29837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29837)
![](https://img.shields.io/static/v1?label=Product&message=My%20Cloud%20Home&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=ibi&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=My%20Cloud%20Home%20%3C%208.12.0-178%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=ibi%3C%208.12.0-178%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

### POC

#### Reference
- https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-29837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29837)`
			`![](https://img.shields.io/static/v1?label=Product&message=My%20Cloud%20Home&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=ibi&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=My%20Cloud%20Home%20%3C%208.12.0-178%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=ibi%3C%208.12.0-178%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)`

			`### Description`

			`A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.`

			`### POC`

			`#### Reference`
			`- https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178`

			`#### Github`
			`No PoCs found on GitHub currently.`