[Latest Vulnerability] WDMyCloud Multiple Vulnerabilities fixed

WD My Cloud Mirror devices vulnerable to pre auth RCE and also a hardcoded backdoor admin account which can NOT be changed. Bug is tested by Security researcher WDMyCloud 4TB and a WDMyCloudMirror 16TB with the latest available firmware 2.30.165, you can read full paper here.

WDMyCloud multiple vulnerabilities are File upload vulnerability, Remote code execution, Hard coded back door and Information disclosure bug etc,.

WD has released fix to all mention vulnerabilities and users can upgrade firmware to version 2.30.174, download form here.

 

References:

[1] http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125

[2] https://blog.exploitee.rs/2017/hacking_wd_mycloud/

[3] http://forums.dlink.com/index.php?topic=65415.0

[4] https://www.exploitee.rs/index.php/Western_Digital_MyCloud


 

Please follow and like us:

Be the first to comment

Leave a Reply

Your email address will not be published.


*