WD My Cloud Devices Reportedly Vulnerable to Remote Attacks

Advertisement
By Shekhar Thakran | Updated: 7 March 2017 13:47 IST
Highlights
  • Western Digital has already fixed one severe bug with update
  • Exploitee.rs says it released bugs early due to WD's industry reputation
  • Hackers can potentially upload files without user permission
WD My Cloud Devices Reportedly Vulnerable to Remote Attacks

If you are a proud owner of a WD My Cloud NAS device, it's time to pay attention. The company's My Cloud NAS devices have been found vulnerable to remote hacking via the Internet and can potentially allow hackers to get access to your account and even upload files without permission.

As per Exploitee.rs, due to poorly implemented scripts on the WD My Cloud drives, hackers could bypass the login as its function makes use of cookies that could be provided by the hacker in order to gain access, as pointed out in a report by Engadget. "It is important to note that all commands executed through the web interface are done so as the user the web-server is running as, which, in this case is root," Exploitee.rs said in its post.

Although the login bypass bug has been fixed by the company with a software update, Exploitee.rs claims the fix introduced another bug. This, along with other security flaws have been published by the Exploitee.rs team even before they have been patched supposedly to force Western Digital into taking action.

The devices in question regarding the security flaws include WD My Cloud Gen 2, My Cloud Mirror, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.

Advertisement

Exploitee.rs says that usually the team works with the vendors to ensure that the fixes are released properly for the flaws, however, Western Digital's "reputation within the community" made the team publish the flaws to public right away. The team says that as WD has developed a reputation for ignoring the severity of the bugs reported to it, they are trying to "alert the community of the flaws" so that users can limit access of their WD My Cloud devices to the Internet as much as possible.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Vivo X200 FE Global Launch Confirmed; Design Teased
  2. Poco F7 Launch Date, Price in India, Design and Key Features Leaked Online
  3. Vivo Y400 Pro 5G India Launch Date Confirmed; Design Revealed
  4. Oppo Reno 14 5G Series, Watch X2 Mini, Enco Buds 3, Pad SE to Launch Globally
  5. Oppo K13x 5G India Launch Date, Price Range and Key Features Revealed
  6. Apple to Ship 2.8 Million iPhone Units in India in Q2 Despite Slowdown
  7. You Can Now Download Generated Canvas in ChatGPT
  8. Oppo K13 Turbo Pro Key Specifications Leaked Online
  9. Realme Narzo 80 Lite 5G Launched in India With 6,000mAh Battery: See Price
  10. Hisense U7Q Mini-LED TV Launched in India With These Features
  1. Bitget Partners UNICEF Unit to Expand Blockchain Training Across India, Other Countries 
  2. WhatsApp Reportedly Working on Ability to Scan Documents on Android Smartphones
  3. ElevenLabs Expands Eleven V3 Text-to-Speech Model With Support for 41 New Languages
  4. Vivo T4 Lite 5G India Launch Confirmed; Battery Capacity, Price Range Teased
  5. TikTok Pushes Deeper Into AI-Generated Video Ads With New Tools
  6. Apple Risks Fresh EU Charge Sheet Over App Store Curbs
  7. The Witcher 4 Will Target 60 FPS on Consoles, but Series S Will Be 'Extremely Challenging' Says CD Projekt Red
  8. Oppo Reno 14 5G Series Global Launch Teased Alongside Watch X2 Mini, Enco Buds 3 and Pad SE
  9. Microsoft Begins Testing AI Agents in Windows 11, Brings Option to Share Recall Snapshots in Europe
  10. watchOS 26 to Bring Control Center Customisation Options with User-Defined Toggles
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.