Western Digital's NAS "My Cloud" found a backdoor and found that anyone could access it internally

byCheon Fong Liew

Western Digital personal cloud storage terminal "My Cloud"There was a hard coded backdoor and it turned out that anyone could access the inside of the storage as soon as it passed the certification.

WDMyCloud <= 2.30.165 Multiple Vulnerabilities
http://gulftech.org/advisories/WDMyCloud Multiple Vulnerabilities/125

Western Digital 'My Cloud' devices have a hardcoded backdoor - stop using these NAS drives NOW!

James Bercegay of Gulftech Research and Development, IT security company, pointed out the vulnerability.

Initially, Mr. Bercegay was investigating the vulnerability of unlimited uploading of files in My Cloud. This vulnerability is a function that obtains a host name from an IP address in PHP "gethostbyaddrIt was found that misuse / misunderstanding was the cause.

Mr. Bercegay decided to deeply examine the CGI binaries accessible from the web interface, proceeded further investigation and noticed the existence of backdoor. This backdoor is a "classic" one with a fixed user name and password, and it is set as an administrator user, so it only makes CGI run by having the iframe tag and img tag read in the worst It is even possible to erase all of My Cloud's contents.

Several other vulnerabilities were found and Bercegay contacted Western Digital on the 10th of 2017 using the form of the official website. After interacting with support personnel, Western Digital received a message from June 16, 2017 that we would like you to wait for information disclosure for 90 days. Mr. Bercegay did not disclose the information after the expiration date, but on December 15, 2017 Zenofex of Exploitees.rs, which reached the vulnerability separately from Mr. Bercegay, released the information. In 2018, Mr. Bercegay also disclosed the information.

Western Digital MyCloud - Exploitee.rs

The target terminal is
· MyCloud
· MyCloudMirror
· My Cloud Gen 2
· My Cloud PR 2100
· My Cloud PR 4100
· My Cloud EX 2 Ultra
· My Cloud EX 2
· My Cloud EX4
· My Cloud EX 2100
· My Cloud EX 4100
· My Cloud DL 2100
· My Cloud DL 4100
The firmware corresponding to vulnerability "MyCloud 2.30.174" is released in November 2017. Also, there is no vulnerability in the series "MyCloud 04.x" version.

in Software,   Hardware,   Security, Posted by logc_nt