Skip to content
SystemTek

SystemTek

Providing technology news online since 1999

  • Home
  • About Us
  • A-Z Wiki
  • Block Lists
  • Contact Us
  • Blog Posts
    • Audio & Video News
    • Computer News
    • Electronics News
    • Gaming News
    • General News
    • Internet News
    • Product Recalls
    • Product Review
    • Radio News
    • Security Vulnerabilities
    • Security News
    • Social Media News
    • Software News
    • Space News
    • Telecoms News
    • TV News
  • Tech Tips
News Security Vulnerabilities 

Western Digital My Cloud Multiple Vulnerabilities

January 16, 2018January 15, 2018 Duncan Newell 667 Views 0 Comments PHP, Western Digital, Western Digital My Cloud min read

Three vulnerabilities in Western Digital’s popular “My Cloud” network-attached storage devices for home or small office use have been discovered. These may allow an unauthenticated remote attacker read and write access to a device.

The first vulnerability provides unrestricted upload access to a device. The PHP gethostbyaddr() function found on the My Cloud built-in web server allows user-defined remote authentication servers. A series of bugs in the checks performed on these servers allow an unauthorised user upload access to a device.

A hardcoded backdoor exists in the My Cloud device firmware where the login functionality looks for an administration user with a default password. This backdoor can then be turned into a root shell to provide root access to a device.

The final exploit describes a method for using cross-site request forgery (XSRF) to send faulty commands to perform denial-of-service attacks.

Affected Platforms

  • My Cloud EX2
  • My Cloud EX4
  • My Cloud EX2100
  • My Cloud EX4100
  • My Cloud EX2 Ultra
  • My Cloud DL2100
  • My Cloud DL4100
  • My Cloud PR2100
  • My Cloud PR4100My Cloud Mirror
  • My Cloud Mirror Gen 2

Resolution

Western Digital have reported all issues are fixed in firmware version 2.30.172.

Firmware Release Release Notes

Download firmware : http://download.wdc.com/nas/My_Cloud_GLCR_2.30.172.bin



Image result for western digital
Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Share this:

  • Click to print (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Telegram (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Skype (Opens in new window)
  • Click to email this to a friend (Opens in new window)

Like this:

Like Loading...

Related Posts

  • ← Cryptocurrency Mining Software Reported On Apps Downloaded From Android App Store
  • SharePoint 2010 – Usage Files Are Not Deleted And may Cause Timer Service Problems →

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search our site

Sky Remote Codes

IP Address Tools

What's My IP Address

Blog post categories

Featured Posts

DAB Radio Reception Issues

How To Fix Windows Update Error 0x80070057

What is Microsoft Patch Tuesday ?[RESOLVED]

The myths around 5G and COVID-19 - What is 5G ?

What Is GDPR And How Does It Effect You

What is Credential Stuffing ?

Smart Meters - Everything You Need To Know

How To Test A Remote Control With A Mobile Phone

What is the Google Password Checkup Tool [RESOLVED]

Most Hacked Passwords Revealed In New Report

Top Tags

5G Amazon Android Apache Apple BBC BT Cisco Cryptocurrency Cyber attack Cyber Security DoS Email Facebook Google Google Chrome Government Hacking News Intel Linux Linux Kernel Malware Microsoft Microsoft Windows Mobile Phone National Cyber Security Centre NHS Ofcom Phishing Emails PHP Product Recall Ransomware RAT Samsung Scam Sophos Sophos UTM Space Spam Trojan TV UK Government UK Space Agency USA Windows 10

RSS Feed

RSS Feed RSS - Posts

Untitled 1

Pages

Advertise With Us  -  About Us  -  Block Lists  -  Contact Us  -  Guest Blog Posts  -  Privacy Policy  -  Useful Links  -  Wiki  - 

Untitled 1

Topics

All News Story's  -  Security Alerts  -  Security News -  Security Vulnerabilities - Technology Tips  -  Product Recalls  -  New Products  -  Space News  -  Social Media News -  Domain Info  - Telecoms News - TV News

Copyright © 1999 - 2021 SystemTek. All rights reserved.
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
%d bloggers like this: