A Local Privilege Escalation flaw exists on Western Digital My Cloud
According to the securityaffairs news on Saturday, security services provider Trustwave found two vulnerabilities in Western Digital’s My Cloud network storage device could be exploited by local attackers to gain root access to NAS devices.
According to Trustwave’s researchers, both of the Western Digital My Cloud flaws are arbitrary command execution vulnerabilities and the other is arbitrary file deletion vulnerabilities.
Any command execution vulnerability
The vulnerability affects the public gateway interface script “nas_sharing.cgi”, causing local users to execute shell commands as root. In addition, researchers also found that hard-coded credentials allow any user to authenticate the device with the user name “mydlinkBRionyg.”
Optional file deletion vulnerability
The vulnerability is also bound to the public gateway interface script “nas_sharing.cgi” so that attackers gain root privileges.
After linking the two vulnerabilities, an attacker can execute shell commands as root: log in by using hard-coded credentials and base64-encode the commands passed in the “artist” parameter.
Western Digital My Cloud network storage device models currently affected by the vulnerability include:
My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.
In fact, as early as last year, security service provider Trustwave had reported these issues to Western Digital and Western Digital has also made a remedy. It is reported that the company in the November 16, 2017, release of the firmware (version 2.30.172) update to address the issue of vulnerability. In addition, Western Digital recommends users:
– Make sure the firmware on the product is always up-to-date;
– enable automatic updates
– Achieve good data protection measures, such as regular data backup and password protection, including protecting your router when using personal cloud or network attached storage.
Source: SecurityAffairs