10 January 2018

WD My Cloud NAS security vulnerability: hardcoded default username and password


Security researcher James Bercegay has found a serious security vulnerability in the Western Digital MyCloud family of Network Attached Storage devices.

He discovered that, amongst other vulnerabilities, a hidden firmware backdoor allowed anyone to login remotely, using a hardcoded username and password.

Someone might use these same credentials (apparently the same on all affected WD My Cloud devices) to log into your personal files remotely. In fact, the existence of default login credentials could even be used in a Mirai-style attack.

Owners of these devices are strongly advised to download and install firmware version 2.30.174 or above - to remove this vulnerability.


No comments:

Post a Comment