WD My Cloud Devices Reportedly Vulnerable to Remote Attacks

If you are a proud owner of a WD My Cloud NAS device, it's time to pay attention. The company's My Cloud NAS devices have been found vulnerable to remote hacking via the Internet and can potentially allow hackers to get access to your account and even upload files without permission.

As per Exploitee.rs, due to poorly implemented scripts on the WD My Cloud drives, hackers could bypass the login as its function makes use of cookies that could be provided by the hacker in order to gain access, as pointed out in a report by Engadget. "It is important to note that all commands executed through the web interface are done so as the user the web-server is running as, which, in this case is root," Exploitee.rs said in its post.

Although the login bypass bug has been fixed by the company with a software update, Exploitee.rs claims the fix introduced another bug. This, along with other security flaws have been published by the Exploitee.rs team even before they have been patched supposedly to force Western Digital into taking action.

The devices in question regarding the security flaws include WD My Cloud Gen 2, My Cloud Mirror, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.

Exploitee.rs says that usually the team works with the vendors to ensure that the fixes are released properly for the flaws, however, Western Digital's "reputation within the community" made the team publish the flaws to public right away. The team says that as WD has developed a reputation for ignoring the severity of the bugs reported to it, they are trying to "alert the community of the flaws" so that users can limit access of their WD My Cloud devices to the Internet as much as possible.