Western Digital have just released a hotfix as part of a firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) which was previously affecting MyCloud NAS Devices for over a year. The vulnerability allows for anyone to bypass authentication and get administrative access to the router. Once the attacker gains access to the router, they can flash it with a custom firmware and change the DNS to point to phishing based websites.
More Information about Authentication Bypass Vulnerability
When did WD take this issue into a priority?
After gaining a lot of attention from the media , WD posted a tweet stating that they are working on a fix for this vulnerability.
https://twitter.com/westerndigital/status/1043277178689835013
If you are using the WD MyCloud NAS Devices you can download the firmware from the WD's website.
Firmware Download
- My Cloud FW 2.30.196
- My Cloud Mirror Gen2 FW 2.30.196
- My Cloud EX2 Ultra FW 2.30.196
- My Cloud EX2100 FW 2.30.196
- My Cloud EX4100 FW 2.30.196
- My Cloud DL2100 FW 2.30.196
- My Cloud DL4100 FW 2.30.196
- My Cloud PR2100 FW 2.30.196
- My Cloud PR4100 FW 2.30.196
Take your time to comment on this article.
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/09/24/the-mycloud-auth-vulnerability-fixed-by-western-digital-with-a-hotfix/