WD NAS Vulnerability Allows Remote Install Of Firmware

A 500GB NVMe SSD. Image credit: Kompulsa.

Another security vulnerability affects Western Digital Network Attached Storage (NAS) systems: it allows firmware to be installed remotely on the NAS devices. This means that malicious hackers could use a low-privileged user account with a blank password to execute harmful code that could brick your device, among other things. This is a remote code execution (RCE) vulnerability, and it affects My Cloud OS 3 devices.

Western Digital is no longer providing updates to My Cloud OS 3 and advises users to upgrade to My Cloud OS 5. That upgrade is believed to reduce the devices’ functionality, which deters users from upgrading.

Western Digital said: ‘My Cloud OS 5 is a major and fundamental security release that provides an architectural revamp of our older My Cloud firmware and adds new defenses to thwart common classes of attacks. We recommend that all users upgrade to My Cloud OS 5 as soon as possible to benefit from the latest security fixes. My Cloud OS3 will not receive these security fixes.’