Western Digital content app vulnerable to unauthorized media access

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
9,973
Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks.

EdgeRover is a centralized content management solution for Western Digital and SanDisk products, unifying multiple digital storage devices under a single management interface.
It's a proprietary software solution aiming to increase usability and comfort, offering powerful content searching, filtering, categorization options, privacy settings, collection creation, duplicate detection, and more.

Considering that Western Digital is one of the world's most successful manufacturers and retailers of digital storage products, there are likely a significant number of people using EdgeRover for data management.

A data exposing problem​

The vulnerability, tracked as CVE-2022-22998, is a directory traversal bug, allowing unauthorized access to restricted directories and files. The vulnerability has been given a CVSS v3 severity rating of 9.1, categorizing the flaw as critical.

Western Digital's brief advisory does not provide much detail regarding the vulnerability, so it is not clear if it is a DLL hijacking bug allowing local privilege elevation or a bug allowing access to unprivileged data locations.

However, Western Digital is advising its customers to update their EdgeRover desktop applications to version 1.5.1-594 or later, released last week to resolve these vulnerabilities.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top