Updated:05:50 AM EDT Oct 17


this is ggmania.com subsite Western Digital My Cloud drives have a built-in backdoor - TechAmok

Western Digital My Cloud drives have a built-in backdoor - [security]
12:11 PM EST - Jan,05 2018 - post a comment

Western Digital's network attached storage solutions have a newfound vulnerability allowing for unrestricted root access. James Bercegay disclosed the vulnerability to Western Digital in mid-2017. After allowing six months to pass, the full details and proof-of-concept exploit have been published. No fix has been issued to date.>

More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands. Owners of Western Digital NAS drives are not safe on local area networks, either. Specially crafted HTML image and iFrame tags can be used on websites to make requests to devices on a local network using predictable host names. No user interaction is required other than visiting a malicious webpage.

Affected models include My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100. A Metasploit module has also been publicly released, making is very easy for almost anyone to take advantage of Western Digital drives. It is advised to disconnected any affected drives from your local area network and block it from having Internet access until a patch can be issued.

Reportedly, anyone can log in with "mydlinkBRionyg" as the username and "abc12345cba" as the password.


Add your comment (free registrationrequired)

Short overview of recent news articles

Oct,17 2018 IFIXIT Google Pixel 3 XL Teardown Guide
Oct,17 2018 Google releases Chrome 70, letting you install PWAs on Windows 10
Oct,16 2018 21-year-old who created powerful RAT software sentenced
Oct,16 2018 Huawei's Mate 20 and Mate 20 Pro Take Aim at Galaxy Note9
Oct,16 2018 Huawei Created Its Own Memory Card Shaped Like a Nano SIM
Oct,16 2018 Battlefield V - Official Single Player Trailer
Oct,14 2018 Facebook Wants to Put Video Cameras in Your Private Spaces
Oct,14 2018 Apple Plans to Give Away Original Content for Free to Device Owners
Oct,14 2018 Netflix cancels Marvel's Iron Fist
Oct,14 2018 Jonathan Trailer #1 (2018)
Oct,13 2018 Intel Core i9 9900K vs AMD Ryzen 7 2700X
Oct,12 2018 Samsung Says Foldable Phone to Act Like Tablet
Oct,12 2018 Facebook Says Hackers Accessed Users' Personal Data
Oct,12 2018 Maria Doroshina - Fit Russian Blonde Beauty
Oct,12 2018 2018 Most Popular Women Tennis Players
Oct,12 2018 AMD Radeon Adrenalin 18.10.1 Drivers
Oct,12 2018 NVIDIA GeForce 416.34 WHQL Game Ready Drivers
Oct,11 2018 Could You Answer Elon Musk's Tricky Interview Question?
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.02secs