Western Digital's My Cloud (WD My Cloud) is ane of the most pop network-attached storage (NAS) devices which is beingness used yesteryear businesses in addition to individuals to host their files, equally good equally backup in addition to sync them amongst diverse cloud in addition to web-based services.
The WD My Cloud devices allow users non solely portion files inwards a habitation network but its private cloud characteristic besides allows them to access their information from anywhere around the the world at whatsoever time.
However, safety researchers at Securify accept discovered an authentication bypass vulnerability on the WD My Cloud NAS boxes that could allow unauthenticated attackers amongst network access to the device to escalate their privileges to admin-level without needing to render a password.
This would eventually allow attackers to run commands that would typically require administrative privileges in addition to attain consummate command of the affected NAS device, including their mightiness to view, copy, delete in addition to overwrite whatsoever files that are stored on the device.
Here's How Easy it is to Hack a WD My Cloud Storage Boxes
The vulnerability, designated CVE-2018-17153, resides inwards the means WD My Cloud creates an admin session tied to an IP address.
By only including the cookie username=admin to an HTTP CGI asking ship yesteryear an assailant to the device's spider web interface, the assailant tin terminate unlock admin access in addition to attain access to all the content stored on the NAS box.
"It was works life that it is possible for an unauthenticated assailant to exercise a valid session without requiring to authenticate," the researchers explicate inwards a blog post detailing well-nigh the flaw published on Tuesday.
"The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the asking when invoked amongst the parameter flag equal to 1. Subsequent invocation of commands that would ordinarily require admin privileges are right away authorized if an assailant sets the username=admin cookie."
Long story short, exactly tell the WD My Cloud NAS device that you lot are the admin user inwards the cookie, in addition to you lot are inwards without ever beingness asked for a password.
Proof-of-Concept Exploit Code Released
Obviously, the exploit requires either a local network or meshing connective to a WD My Cloud device inwards social club to live run the command in addition to bypasses the NAS device's park login requirements.
The researchers successfully verified the vulnerability on a Western Digital My Cloud model WDBCTL0020HWT running firmware version 2.30.172, though they claimed that this number is non express to the model, equally most products inwards the My Cloud serial portion the same "vulnerable" code.
Securify researchers works life the number piece contrary applied scientific discipline the CGI binaries to aspect for safety bugs, in addition to reported it to Western Digital inwards Apr 2017, but did non have whatsoever reply from the company.
After almost one-and-half years of quiet from Western Digital, researchers survive publicly disclosed the vulnerability, which is all the same unpatched.
This is non the kickoff fourth dimension Western Digital has ignored the safety of its My Cloud NAS device users.
Earlier this year, a researcher publicly disclosed several vulnerabilities inwards Western Digital's My Cloud NAS devices, including a hard-coded password backdoor issue inwards their firmware afterward the companionship did non address the issue, which was reported 180 days earlier making it public.
Update: Patches Coming Soon!
Western Digital has responded to our story, proverb the companionship is aware of the vulnerabilities reported yesteryear researchers in addition to it is inwards procedure of finalizing a scheduled firmware update to address the issue."We aspect to postal service the update on our technical back upwardly site at https://support.wdc.com/ inside a few weeks," the companionship said inwards a blog post.
"As a reminder, nosotros besides urge customers to ensure the firmware on their products is e'er upwardly to date; enabling automatic updates is recommended."
