Matrix Posted September 20, 2018 Share Posted September 20, 2018 Why it matters: The matter of data privacy and security rears its ugly head every time a hardware vendor refuses to acknowledge or take notice of exploits which compromise their customers' data. While customer data is exposed, no one is minding the store. This time, despite a number of reports to WD, a glaring one year-old vulnerability is yet to be patched. A critical security flaw in Western Digital's popular My Cloud family of NAS devices allows hackers to gain full access to the devices' contents. Remco Vermeulen, a Dutch security researcher has just published a report on this well-known privilege escalation attack for MyCloud devices, but only after having tried to address the issue with Western Digital and getting nothing but hot air. The "authentication bypass vulnerability", he said, grants an attacker access to admin privileges, before logging into the device. This allows the attacker to create a reverse shell, giving them access to the user's files on the drive(s). The vulnerability is present even on a remote connection via the internet, if the owner of the device has previously enabled remote access. The same security researcher states he had previously disclosed details on other attacks which, to date, WD has not bothered to patch in its firmware updates. The fact has been corroborated by Exploitee.rs who said they'd also reported the same vulnerability and even documented the entire process. Western Digital's My Cloud series of devices are notoriously vulnerable with a number of attacks being reported several times in the media. The problem, however, remains. In the last few hours, WD's crack team of engineers has replied to the public disclosure and stated they are working on a "scheduled firmware update that will resolve the issue," and advised customers to reach out to their support team. The hardware vendor has recognized, in a blog post, that a number of its devices which use the Dashboard Cloud Access remain vulnerable to the exploit, including the My Cloud EX2, EX4, Mirror, PR2100, PR4100 among others. You can find a full list here. To be fair, WD is not the first, and will not be the last hardware vendor to market products with glaring vulnerabilities, but it stands to reason that there be a time limit on patching up the leaky sieve once it's been reported. source Link to comment Share on other sites More sharing options...
Matrix Posted September 20, 2018 Author Share Posted September 20, 2018 UPDATE: Western Digital has responded to our request for a statement, which we have published below. Security researchers at Securify have discovered a vulnerability on Western Digital’s My Cloud NAS boxes which can grant attackers complete control over their contents. The exploit requires either local network or internet access to a My Cloud device in order to be run and bypasses the NAS box's usual login requirements. Called CVE-2018-17153, the bug could potentially also give hijackers the ability to run commands that would typically require administrative privileges. Once access has been gained, hackers can view, copy, delete or overwrite any files that are stored on the device. Your cloud can be pwned According to Securify, "The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the request when invoked with the parameter flag equal to 1. Subsequent invocation of commands that would normally require admin privileges are now authorized if an attacker sets the username=admin cookie." Cutting through the jargon, that essentially means it’s the way WD My Cloud sets up an admin session connected to an IP address that raises the vulnerability. By simply adding the cookie username=admin to an HTTP CGI request sent via a local network or internet connection, anyone can gain access to the content stored on the NAS box. Securify raised the issue with Western Digital in April, when the flaw was first discovered, but never heard back from the company. After five months of silence from WD, Securify has decided to publicly disclose the vulnerability. We contacted Western Digital for a comment and the company has confirmed that a firmware update will be deployed shortly to fix the issue. "We are in the process of finalizing a scheduled firmware update that will resolve the reported issue," WD responded in an email. "We expect to post the update on our technical support site at https://support.wdc.com/ within a few weeks." source Link to comment Share on other sites More sharing options...
knowledge-Spammer Posted September 20, 2018 Share Posted September 20, 2018 vulnerability is more then we all think Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.