Loading...

Your data is at risk: If you have any products from Western Digital or D-Link stop using then immediately and read this first

Your data is at risk: If you have any products from Western Digital or D-Link stop using then immediately and read this first

Our cybersecurity team found a massive security flaw inside Western Digital Storage Devices acting like a backdoor.
The vulnerability is putting at risk a broad array of devices having WDMyCloud firmware prior v.20.30.165 on it: MyCloud, MyCloudMirror, My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.

The flaw can be used remotely, compromising even the company best selling products as WD My Cloud which is the no.1 in selling on Amazon for NAS (network attached storage).
The bug responsible for creating this backdoor capability, found by our skilled researchers, is an improper use of the PHP gethostbyaddr() function.
This function can be used by a cybercriminal to declare his remote auth server which allows him to upload any file he wants on a compromised storage device.

The function is exploited this way: inside of the code embedded in WD firmware, there are specific line codes that look for a particular user name: mydlinkBRionyg and requesting a particular password: abc12345cba.

Those line of codes could be easily abused with root shellcode and efficiently execute any command without demanding any authorization. Our cybersecurity team found multiple ways of taking advantage of this vulnerability, one of the most interesting is that a storage device could be attacked even if it was not connected to the internet. Operating only inside a LAN, the problem appears when just a single computer inside that network is connected to the internet and accessing a designated site with an embedded iframe or img tag that makes a request using one of the default hostname such wdmycloud, wdmycloudmirror.

To make this even more dangerous situation a similar vulnerability was found, at the same time as the one in WD devices, in D-Link routers, many of them being capable of supporting NAS devices.
Now you can see the bigger picture, 2 of the most popular devices vulnerable, both working sides by side offering extended unrestricted access to the whole network without any authorization.

Our top cybersecurity analyst says " It is unlikely to encounter many situations like this where popular products share big vulnerabilities that make cybercriminals days easier, but as you can see they will leave your data exposed. This is why every user should keep devices up to date and always have multiple layers of security on their grid, keeping their devices protected with top antivirus software for example!"

CyberByte Antivirus comes in two flavors:
MacOS Version - the free download Mac antivirus available on our website (https://mac.cyberbyte.org)
Windows Version - the free download Windows antivirus available on our website (https://pc.cyberbyte.org)
The free antivirus is with limited features.

About CyberByte About CyberByte