Western Digital has just released a hotfix, as part of a firmware update, to resolve the authentication bypass vulnerability (CVE-2018-17153) that had affected My Cloud NAS devices for over a year. The vulnerability allows anyone to bypass authentication and gain administrative access to the router. Once an attacker gains access to the router, they can flash it with custom firmware and change the DNS to point to phishing websites.
More Information about Authentication Bypass Vulnerability
When did WD make this issue a priority?
After the issue gained a lot of media attention, WD posted a tweet stating that they are working on a fix for this vulnerability.
Hi, just a heads up, the recently reported vulnerability in the My Cloud firmware has been addressed with a user-installable hotfix found here: https://t.co/uplC38HOdt This will be included in an over-the-air update as part of the normal upgrade schedule for these product
— Western Digital (@westerndigital) September 21, 2018
If you are using a WD My Cloud NAS device, you can download the firmware from WD's website.
- My Cloud FW 2.30.196
- My Cloud Mirror Gen2 FW 2.30.196
- My Cloud EX2 Ultra FW 2.30.196
- My Cloud EX2100 FW 2.30.196
- My Cloud EX4100 FW 2.30.196
- My Cloud DL2100 FW 2.30.196
- My Cloud DL4100 FW 2.30.196
- My Cloud PR2100 FW 2.30.196
- My Cloud PR4100 FW 2.30.196
Instructions on how to install the firmware update can be found in this security notice.
Latest posts by Harikrishna Mekala (see all)