Western Digital’s popular My Cloud line of network attached storage (NAS) devices has recently been found to contain a severe security vulnerability that gives attackers full access to content on the device. Dutch security researcher Remco Vermeulen has just shared a “privilege escalation attack report” on the issue. Another colleague also said that details of other attacks had been disclosed, but Western Digital has not released a firmware update so far.
Remco Vermeulen points out that the authentication bypass vulnerability allows an attacker to gain administrator privileges before logging in to the device. The attacker then only needs to create a reverse shell to access user files on the drive.
I recorded a poc showing how a user’s browser can be abused to attack the #MyCloud that is only accessible on the local network. It chains the privilege escalation with a post auth command injection to create a reverse shell. pic.twitter.com/eTRtlIlVRN
— Remco Vermeulen (@RemcoVermeulen) September 18, 2018
This vulnerability is also present on remote connections if the device owner has enabled remote access. As a well-known NAS product line, Western Digital’s My Cloud series has repeatedly been the subject of security reports. The exploit again confirmed this fact, saying that it also reported the same vulnerability to Western Digital and even recorded the entire process.
Before the release, the Western Digital engineering team finally responded, saying that they would solve the problem in the regular firmware update and advising customers to contact the support team.
Western Digital revealed in a blog post that many devices using Dashboard Cloud Access are still vulnerable, including My Cloud EX2, EX4, Mirror, PR2100, PR4100 and more.