WD My Cloud Devices Reportedly Vulnerable to Remote Attacks

Advertisement
By Shekhar Thakran | Updated: 7 March 2017 13:47 IST
Highlights
  • Western Digital has already fixed one severe bug with update
  • Exploitee.rs says it released bugs early due to WD's industry reputation
  • Hackers can potentially upload files without user permission

If you are a proud owner of a WD My Cloud NAS device, it's time to pay attention. The company's My Cloud NAS devices have been found vulnerable to remote hacking via the Internet and can potentially allow hackers to get access to your account and even upload files without permission.

As per Exploitee.rs, due to poorly implemented scripts on the WD My Cloud drives, hackers could bypass the login as its function makes use of cookies that could be provided by the hacker in order to gain access, as pointed out in a report by Engadget. "It is important to note that all commands executed through the web interface are done so as the user the web-server is running as, which, in this case is root," Exploitee.rs said in its post.

Advertisement

Although the login bypass bug has been fixed by the company with a software update, Exploitee.rs claims the fix introduced another bug. This, along with other security flaws have been published by the Exploitee.rs team even before they have been patched supposedly to force Western Digital into taking action.

The devices in question regarding the security flaws include WD My Cloud Gen 2, My Cloud Mirror, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.

Advertisement

Exploitee.rs says that usually the team works with the vendors to ensure that the fixes are released properly for the flaws, however, Western Digital's "reputation within the community" made the team publish the flaws to public right away. The team says that as WD has developed a reputation for ignoring the severity of the bugs reported to it, they are trying to "alert the community of the flaws" so that users can limit access of their WD My Cloud devices to the Internet as much as possible.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement
Popular Mobile Brands
  1. Here's Our First Look of the Nothing Phone 4b 'RCB Edition' Variant
  2. Amazon Prime Day Sale: Early Deals on Smartphones From Top Brands Revealed
  3. Moto G77 Power Will Launch in India on This Date
  4. OTT Releases This Week: Elle, Super Subbu, Enola Holmes 3, and More
  1. PS Plus Monthly Games for July Include Call of Duty: Modern Warfare 3, For the King 2 and CrossCode
  2. Nothing Phone 4b RCB Edition Design, Colour Revealed Days Ahead of Debut
  3. Garmin Forerunner 70, Forerunner 170, Forerunner 170 Music Launched in India With 1.2-Inch Display, Up to 13 Days Battery Life
  4. Redmi Note 17 Series Launch Timeline Teased, Company Touts Display Upgrades and Longer Battery Life
  5. Lava Probuds T51, Xscape 13° Neckband With Up to 70 Hours Battery Life Launched in India: Price, Features
  6. Best Noise Cancellation Headphones in India to Buy This Amazon Prime Day: boAt Rockerz 650 Pro, JBL Tune 520 BT and More
  7. Oppo Enco Air 5 With Up to 52dB ANC, Up to 54 Hours Battery Launched in India: Price, Features
  8. Apple Reportedly Cuts iPhone 17 Series Production Plans by 15 Percent as Demand Softens
  9. Moto G77 Power Set to Launch in India Next Week; Price Range, Specifications Revealed
  10. CMF's Himanshu Tandon Announces Exit Weeks After Firm Confirms 2026 Phone Strategy
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.