How severe is CVE-2022-23006?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-23006?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2022-23006

MEDIUM Year: 2022

CVSS v3 Score

6.7

Medium

Weakness Type

CWE-121

View all →

Vulnerability Description

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

CVE-2020-27749

MEDIUM

CVSS:6.7(Medium)

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary...

CWE-1212020

CVE-2021-21556

MEDIUM

CVSS:6.7(Medium)

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious us...

CWE-1212021

CVE-2023-29182

MEDIUM

CVSS:6.7(Medium)

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker ...

CWE-1212023

CVE-2023-35012

MEDIUM

CVSS:6.7(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user w...

CWE-1212023

CVE-2023-4273

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries fr...

CWE-1212023

CVE-2023-52162

MEDIUM

CVSS:6.7(Medium)

Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability...

CWE-1212023

CVE-2022-23006

Vulnerability Description

Related Vulnerabilities

CVE-2020-27749

CVE-2021-21556

CVE-2023-29182

CVE-2023-35012

CVE-2023-4273

CVE-2023-52162