EdgeRover Desktop App Version 1.5.1-594
WDC Tracking Number: WDC-22004
Product Line: EdgeRover
Published: March 18, 2022
Last Updated: March 18, 2022
Description
EdgeRover was affected by a directory traversal vulnerability that allowed an attacker to carry out a local privilege escalation and escape basic file-system sandboxing. Successful exploitation could lead to disclosure of sensitive information or denial of service.
Advisory Summary
This vulnerability was addressed in EdgeRover by modifying file and directory permissions so that files can be loaded only from certain folders.
CVE Number: CVE-2022-22988
Western Digital would like to thank Xavier Danest for reporting this issue.