Skip to main content

Researchers Share Another Zero-Day in Some Western Digital NAS Products

posted onJuly 5, 2021
by l33tdawg
PC Mag
Credit: PC Mag

Shortly after hackers remotely wiped internet-connected My Book Live devices, researchers shared a new zero-day vulnerability affecting Western Digital products running MyCloud OS 3.

KrebsOnSecurity reported that the researchers discovered this vulnerability in 2020 and planned to present it at the Pwn2Own hacking competition last November. Western Digital addressed the vulnerability with the release of MyCloud OS 5, however, so the research wasn't presented.

That doesn't mean the vulnerability is irrelevant. MyCloud OS 5 isn't available for all Western Digital products, and some customers have reportedly held off on updating because it lacks features available in MyCloud OS 3. Unfortunately that also leaves these devices open to attack. Western Digital has also said it won't provide additional updates for MyCloud OS 3, so devices running the operating system will continue to be affected by this vulnerability. That revelation is made all the more troubling by the fact that the researchers demonstrated an exploit for the security flaw in February after Western Digital seemingly ignored their warnings about the issue.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th