CVE-2023-22813

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.

Source: CVE-2023-22813

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다