The MyCloud Auth Vulnerability Fixed by Western Digital with a Hotfix

Western Digital have just released a hotfix as part of a firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) which was previously affecting MyCloud NAS Devices for over a year. The vulnerability allows for anyone to bypass authentication and get administrative access to the router. Once the attacker gains access to the router, they can flash it with a custom firmware and change the DNS to point to phishing based websites.

More Information about Authentication Bypass Vulnerability

When did WD take this issue into a priority?

After gaining a lot of attention from the media , WD posted a tweet stating that they are working on a fix for this vulnerability.

If you are using the WD MyCloud NAS Devices you can download the firmware from the WD’s website.

Firmware Download

Instructions on how to install the firmware update can be found in this security notice.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil