Multi security vulnerabilities affect Western Digital My Cloud PR4100

In the ever-evolving landscape of cybersecurity, one of the newest frontiers is the world of network-attached storage (NAS) devices. These products serve as a critical link in our digital lives, bridging the gap between our personal and professional data repositories. Among such devices, Western Digital’s My Cloud PR4100 has been a popular choice due to its robust capabilities. However, recent revelations have raised concerns about the security of this device.

CVE-2022-29840: Western Digital My Cloud PR4100 server-side request forgery

This flaw is a server-side request forgery vulnerability, identified as CVE-2022-29840, with a CVSS score of 7.3. It poses a significant threat, enabling network-adjacent attackers to execute arbitrary code on affected installations of My Cloud PR4100 without requiring authentication.

The vulnerability exists within the RESTSDK server. It hinges on the server’s lack of proper validation of a URI prior to accessing resources. This flaw could be a goldmine for attackers, who can leverage it in conjunction with other vulnerabilities to execute arbitrary code with root-level privileges.

Fortunately, Western Digital has acted swiftly in response to the threat, releasing the My Cloud OS 5 Firmware 5.26.202 update to patch this vulnerability.

CVE-2022-29841: Western Digital My Cloud PR4100 code execution

The second vulnerability tracked as CVE-2022-29841 and boasting a worrying CVSS score of 8.8, allows remote attackers to execute arbitrary code on the My Cloud PR4100 devices. While exploitation does require authentication, the vulnerability enables the bypassing of the existing authentication mechanism.

The specific flaw exists within the ‘do_reboot’ binary. The issue here originates from improper validation of a user-supplied string before using it to execute a system call. Attackers can exploit this vulnerability, in concert with others, to run arbitrary code in the context of root.

Western Digital has provided a fix for this vulnerability via the My Cloud OS 5 Firmware 5.26.119 update.

CVE-2022-29842: Western Digital My Cloud PR4100 code execution

The third vulnerability, identified as CVE-2022-29842 with a CVSS score of 7.5, is a code execution flaw that could allow network-adjacent attackers to execute arbitrary code on affected My Cloud PR4100 devices, without needing authentication.

The flaw resides within the ‘account_mgr’ CGI script. The core issue is the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can use this flaw to execute code with root-level privileges.

Once again, Western Digital has addressed this vulnerability promptly with the release of the My Cloud OS 5 Firmware 5.26.119 update.

Final Thoughts: Maintaining the Security of Our Digital Treasures

These security vulnerabilities underline the importance of vigilance in the world of network-attached storage devices. They serve as a reminder that as we entrust more of our data to such devices, we must also be aware of their potential security flaws and ensure we act promptly to address them.

Users of Western Digital’s My Cloud PR4100 devices should ensure their devices are updated with the latest firmware, effectively neutralizing these vulnerabilities.