A WD NAS vulnerability enables attackers to gain admin control over My Cloud devices.
Security experts have discovered an authentication bypass vulnerability in WD’s My Cloud NAS devices that could allow an attacker to gain administrator control of the affected devices.
WD My Cloud is one of the most popular network-attached storage solutions, used by both businesses and individuals to host their files and sync them with cloud and web-based solutions.
WD My Cloud NAS devices let users share files on their internal networks and also access the content of their NAS devices from anywhere in the world. Unfortunately, security experts at Securify have found an authentication bypass vulnerability in WD My Cloud NAS systems that allows unauthenticated attackers with network access to the device to elevate their privileges to administrator level without needing to enter a password.
This would eventually enable attackers to execute commands that require administrative privileges and gain complete control of the NAS device, including the ability to view, copy, delete and overwrite any data present on the device.
The vulnerability, tracked as CVE-2018-17153, lies in the way WD My Cloud creates an administrator session tied to an address. By simply including the cookie username=admin in an HTTP CGI request sent to the NAS web interface, an attacker can unlock admin access and gain access to all the content.
Researchers have published a proof-of-concept (PoC) exploit explaining how the vulnerability works, and how it can be exploited with just a few lines of code.
Obviously, the exploit requires either a local network or internet connection to a WD My Cloud NAS in order to run. The researchers successfully verified the vulnerability on a WD My Cloud WDBCTL0020HWT model running firmware version 2.30.172. It was concluded that this issue is not limited to that model, as most products in the My Cloud series share the same vulnerability.
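Until a fix is installed, the username=admin cookie described above is something defenders can look for in front of the device. The following is an added detection example, not code from Securify or WD: it assumes a reverse proxy that logs the Cookie header in the constructed format shown, and the login path, CGI path and sample addresses are hypothetical placeholders.

```python
import re

# Assumed proxy log format (constructed for this example):
#   source_ip "METHOD path" status "Cookie header"
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) "([^"]*)"$')

# Hypothetical placeholder for the device's login endpoint, not a real WD path.
LOGIN_PATH = "/cgi-bin/login_placeholder.cgi"


def cookie_username(header):
    """Return the value of the 'username' cookie, or None if it is absent."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "username":
            return value.strip('"')
    return None


def find_unauthenticated_admin_requests(lines):
    """Flag CGI requests carrying username=admin from addresses with no prior login."""
    logged_in = set()  # source addresses that completed a login earlier in the log
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, path, status, cookie = m.groups()
        path_only = path.split("?", 1)[0]
        # Assumption: a 200 response to a POST on the login path means success.
        if path_only == LOGIN_PATH and method == "POST" and status == "200":
            logged_in.add(ip)
            continue
        if (path_only.startswith("/cgi-bin/")
                and cookie_username(cookie) == "admin"
                and ip not in logged_in):
            alerts.append((ip, path_only))
    return alerts


# Constructed sample log lines (documentation-range addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 "POST /cgi-bin/login_placeholder.cgi" 200 "-"',
    '192.0.2.10 "GET /cgi-bin/example.cgi?cmd=status" 200 "username=admin; lang=en"',
    '198.51.100.7 "GET /cgi-bin/example.cgi?cmd=status" 200 "username=admin"',
    '198.51.100.7 "GET /index.html" 200 "username=admin"',
    '203.0.113.5 "GET /cgi-bin/example.cgi" 200 "username=guest"',
]

if __name__ == "__main__":
    for ip, path in find_unauthenticated_admin_requests(SAMPLE_LOG):
        print(f"ALERT {ip} sent username=admin to {path} without a prior login")
```

A hit from an address outside the local network is also a sign that the NAS web interface is reachable from the internet.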
Patches Are Coming Soon!
“We expect to post the update on our technical support site at https://support.wdc.com/ within a few weeks,” the company confirmed in a blog post.
“As a reminder, we also urge customers to ensure the firmware on their products is always up to date; enabling automatic updates is recommended.”
After almost two years of silence from WD, researchers finally disclosed the vulnerability, which is still unpatched, to the public. This, however, is not the first time that Western Digital has ignored the security of its My Cloud NAS devices and users.