Western Digital ‘My Cloud’ Storage Devices Contain a Secret Hard-Coded Backdoor
In recent years, consumers have become increasingly interested in NAS. Disk manufacturers have introduced many private cloud products but have not put enough effort into security. Recently, foreign media reported a serious backdoor in Western Digital My Cloud devices. Attackers can gain unrestricted root access to networked devices. Although James Bercegay disclosed the vulnerability to the vendor as early as mid-2017, six months passed and Western Digital did not fix it.
According to the full details and proof of concept he disclosed, the most troubling finding is that My Cloud has a hard-coded backdoor credential that cannot be changed.
Anyone can log in to Western Digital’s My Cloud service with ‘mydlinkBRionyg’, a user name with administrator privileges, and the password ‘abc12345cba’. After logging in, an attacker has plenty of opportunities to run commands and gain shell access.
Because of this, even with the external network connection cut off, Western Digital NAS users face the same danger from within the local network:
An attacker simply embeds HTML image and iFrame tags in a website, which then make a request to the device on the visitor's local network using a predictable hostname. Beyond luring the user to the malicious web page, no user interaction is needed.
The range of affected models is reportedly very wide, including:
My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.
A Metasploit module has been published, so anyone can easily launch attacks on WD NAS devices. Finally, we can only recommend that all affected users disconnect their devices completely until the manufacturer pushes security patches.
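For defenders who cannot take a device offline immediately, the following added example (not from the original report or from Western Digital) scans web access logs for requests that name the hard-coded account described above and marks those whose Referer points at another site, which is the signature of the image/iFrame trigger. The combined log format, the `/cgi-bin/placeholder.cgi` path, the hostnames and the sample lines are all constructed assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

BACKDOOR_USER = "mydlinkBRionyg"  # hard-coded account name quoted in the article

# Apache/nginx "combined" format is assumed; adjust to your proxy or NAS log.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so a doubly encoded name cannot hide."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_backdoor_logins(lines, device_hosts):
    """Return one finding per logged request that names the backdoor account."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or BACKDOOR_USER.lower() not in fully_decode(m["target"]).lower():
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-"
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "status": int(m["status"]),
            # Referer on a foreign site: a web page made the browser send this.
            "cross_site": ref_host is not None and ref_host not in device_hosts,
        })
    return findings

# Constructed sample log lines; path and hosts are placeholders, not real endpoints.
SAMPLE_LOG = [
    '192.168.1.20 - - [05/Jan/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.168.1.20 - - [05/Jan/2018:10:00:07 +0000] "GET /cgi-bin/placeholder.cgi?user=mydlinkBRionyg HTTP/1.1" 200 64 "http://news.example/page" "Mozilla/5.0"',
    '192.168.1.31 - - [05/Jan/2018:10:02:40 +0000] "POST /cgi-bin/placeholder.cgi?user=%256dydlinkBRionyg HTTP/1.1" 200 64 "-" "curl/7.58"',
]

if __name__ == "__main__":
    for hit in find_backdoor_logins(SAMPLE_LOG, {"nas.lan.example"}):
        print(hit)
```

Any hit is worth investigating, since no legitimate client uses this account; a hit with `cross_site` set also identifies the workstation whose browser was used to reach the device.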
Reference: thehackernews