Three vulnerabilities in Western Digital’s popular “My Cloud” network-attached storage devices for home or small office use have been discovered. These may allow an unauthenticated remote attacker read and write access to a device.
The first vulnerability provides unrestricted upload access to a device. The PHP gethostbyaddr() function found on the My Cloud built-in web server allows user-defined remote authentication servers. A series of bugs in the checks performed on these servers allows an unauthorised user upload access to a device.
A hardcoded backdoor exists in the My Cloud device firmware where the login functionality looks for an administration user with a default password. This backdoor can then be turned into a root shell to provide root access to a device.
The final vulnerability is a cross-site request forgery (XSRF) issue that can be used to send faulty commands to a device and perform denial-of-service attacks.
- My Cloud EX2
- My Cloud EX4
- My Cloud EX2100
- My Cloud EX4100
- My Cloud EX2 Ultra
- My Cloud DL2100
- My Cloud DL4100
- My Cloud PR2100
- My Cloud PR4100
- My Cloud Mirror
- My Cloud Mirror Gen 2
Western Digital have reported all issues are fixed in firmware version 2.30.172.