You can now find Cyber Kendra on Google News | Telegram

Another Zero-day found in Western Digital network Storages

This second Zero-day affects Western Digital NAS running MyCloud OS 3.

Security researchers Radek Domanski and Pedro Ribeiro discovered a previously unknown vulnerability in Western Digital NAS devices running MyCloud OS 3. Experts planned to exploit it at the Pwn2Own hacker competition in Tokyo last year, but a few days before the event, the manufacturer released MyCloud OS 5, which completely fixes the vulnerability, so their plan fell through.

In February of this year, Domanski and Ribeiro posted a video on YouTube showing how they managed to discover a chain of vulnerabilities that could allow attackers to remotely update the firmware of network storage devices and install a backdoor using a user account with low privileges and an empty password.

According to the researchers, they notified Western Digital of the discovered vulnerability, but the company did not respond to their report. The manufacturer confirms that it received a corresponding report from Domanski and Ribeiro, but after Pwn2Own in Tokyo, the vulnerability was fixed in MyCloud OS 5. Whether the problem is fixed in MyCloud OS 3 is unknown. According to the company's notice on the support site dated March 12, 2021, there will be no more security updates for MyCloud OS 3.

As Domanski notes, MyCloud OS 5 is a completely rewritten Western Digital operating system, and some of the key features found in MyCloud OS 3 are missing from it. Many users may not want to upgrade to MyCloud OS 5, and it would be worth fixing a dangerous vulnerability in MyCloud OS 3. In this regard, the researchers released their own patch, which needs to be installed again after each reboot of the device.

As a reminder, Western Digital's Digital My Book users faced a massive factory reset last month. As it turned out, the devices were attacked by hackers through two vulnerabilities, and they were exploited by different groups competing with each other.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.