Western Digital have just released a hotfix as part of a firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) which was previously affecting MyCloud NAS Devices for over a year. The vulnerability allows for anyone to bypass authentication and get administrative access to the router. Once the attacker gains access to the router, they can flash it with a custom firmware and change the DNS to point to phishing based websites.
More Information about Authentication Bypass Vulnerability
When did WD take this issue into a priority?
After gaining a lot of attention from the media , WD posted a tweet stating that they are working on a fix for this vulnerability.
Hi, just a heads up, the recently reported vulnerability in the My Cloud firmware has been addressed with a user-installable hotfix found here: https://t.co/uplC38HOdt This will be included in an over-the-air update as part of the normal upgrade schedule for these product
— Western Digital (@westerndigital) September 21, 2018
If you are using the WD MyCloud NAS Devices you can download the firmware from the WD’s website.
Firmware Download
- My Cloud FW 2.30.196
- My Cloud Mirror Gen2 FW 2.30.196
- My Cloud EX2 Ultra FW 2.30.196
- My Cloud EX2100 FW 2.30.196
- My Cloud EX4100 FW 2.30.196
- My Cloud DL2100 FW 2.30.196
- My Cloud DL4100 FW 2.30.196
- My Cloud PR2100 FW 2.30.196
- My Cloud PR4100 FW 2.30.196
Instructions on how to install the firmware update can be found in this security notice.
Take your time to comment on this article.