My Cloud Home App 信息泄露漏洞(CVE-2023-22813)

admin

0
文章

0
评论

2023-11-30 02:11:34 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

My Cloud Home App 信息泄露漏洞(CVE-2023-22813)

CVE编号

CVE-2023-22813

利用情况

暂无

补丁情况

N/A

披露时间

2023-05-09

漏洞描述

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.westerndigital.com/support/product-security/wdc-23004-western-dig...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	westerndigital	my_cloud	*		Up to (excluding) 4.26.0-6126
	运行在以下环境
	应用	westerndigital	my_cloud_home	*		Up to (excluding) 4.21.0
	运行在以下环境
	应用	westerndigital	my_cloud_home	*		Up to (excluding) 4.26.0-6126
	运行在以下环境
	应用	westerndigital	my_cloud_os_5	*		Up to (excluding) 4.21.0
	运行在以下环境
	应用	westerndigital	sandisk_ibi	*		Up to (excluding) 4.21.0
	运行在以下环境
	应用	westerndigital	sandisk_ibi	*		Up to (excluding) 4.26.0-6126