Western Digital My Cloud is prone to a authentication-bypass vulnerability.
An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks.
Information
Western Digital My Cloud PR4100 0
Western Digital My Cloud PR2100 0
Western Digital My Cloud Mirror Gen 2 0
Western Digital My Cloud Mirror 0
Western Digital My Cloud EX4100 0
Western Digital My Cloud EX4 0
Western Digital My Cloud EX2100 0
Western Digital My Cloud EX2 Ultra 0
Western Digital My Cloud EX2 0
Western Digital My Cloud DL4100 0
Western Digital My Cloud DL2100 0
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- Authentication bypass vulnerability in Western Digital My Cloud allows escalatio (securify.nl)
- Western Digital Corporation Homepage (Western Digital Corporation)
- Western Digital My Cloud Update (westerndigital.com)