Western Digital has patched three critical vulnerabilities, one with a severity rating of 9.8 and another with a 9.0, that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS.

CVE-2021-40438, as one of the vulnerabilities is tracked, allows remote attackers with no authentication to make devices forward requests to servers of the attacker's choosing. Like the other two flaws Western Digital fixed, it resides in the Apache HTTP Server versions 2.4.48 and earlier. Attackers have already successfully exploited it to steal hashed passwords from a vulnerable system, and exploit code is readily available.

The vulnerability, with a severity rating of 9 out of a maximum 10, stems from a Server-Side Request Forgery. This class of bug lets attackers funnel malicious requests to internal systems that are behind firewalls or otherwise not accessible outside a private network. It works by inducing server-side applications to make HTTP requests to an arbitrary domain of the attacker's choosing.

CVE-2021-39275, meanwhile, carries a severity rating of 9.8 out of a possible score of 10. It allows remote attackers to crash vulnerable systems and possibly execute malicious code. Two additional vulnerabilities, CVE-2021-36160 and CVE-2021-34798, make it possible to remotely crash vulnerable systems.

Many people are often slow to patch vulnerabilities in periphery devices such as network-attached storage devices. That would be a mistake in the case of storage devices running Western Digital’s My Cloud proprietary operating system. In June, Western Digital advised users of a different product, the My Book Live, to immediately unplug the devices from the Internet. Meanwhile, the company responded to what later turned out to be the mass exploitation of a zero-day vulnerability.

Last year, Western Digital laid out a schedule for phasing out use of My Cloud OS 3. Starting earlier this week, users of the older OS with devices that are compatible with the current OS version 5 were required to update to the new version. If they didn’t, the users would no longer be able to connect to the devices over the Internet, receive security updates, or get technical support. On April 15, support for version 3 will end completely. Devices that aren’t compatible with version 5 by then will lose remote access, meaning they will only be able to access files over local networks.

“We recommend that all eligible users upgrade to My Cloud OS 5 immediately to benefit from the latest security fixes,” Western Digital said in an advisory.

Western Digital (WD) My Cloud is a popular series of personal cloud and network-attached storage (NAS) devices. This personal storage device plugs directly into your Wi-Fi router using its Gigabit Ethernet port so you can access, upload, and share photos and videos using. How do you connect your Western Digital My. From Windows File Explorer you can type in the device IP address or device name in the address bar, and the drive should appear just like an external drive.