Technology, Top News

WD MyCloud vulnerability is published after remaining ‘unpatched for a year’

WESTERN DIGITAL has fallen foul of another security vulnerability in its WD MyCloud range of NAS drives which could give backdoor access to hackers.

Dutch security researcher Remco Vermeulen claims that his discovery remains unpatched a full year and more after the flaw was first reported and has decided to go public.

Described as an “authentication bypass vulnerability” (because it is), it allows hackers to take admin rights to the drive before they have even logged in. Then with a bit of flippery-pokery create a reverse shell that gives them access to the files.

Remco Vermeulen wasn’t alone in spotting it and reporting it.

Techspot reports that WD has finally said that it is working on a “scheduled firmware update that will resolve the issue,” with concerned users advised to report it to the support team. Who will doubtless tell them that there will be a “scheduled firmware update that will resolve the issue,”.

Western Digital’s track record on NAS vulnerabilities is less than stellar, and given how high profile the range is, when these things come up, especially with the revelation that vulnerabilities have been there for a year on devices often favoured by small to medium businesses, the repeated apathy is a concern. μ

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend