Western Digital (WD) My Cloud EX2 Storage Device Leaks Files in Its Default Configuration
According to a Security Affairs report on April 26th, researchers at security company Trustwave found that Western Digital (WD) My Cloud EX2 storage devices leak files on the local network by default, regardless of the permissions the user has set. The situation becomes even worse if the user configures the device for remote access and brings it online, because in that case the My Cloud EX2 storage device also leaks files through HTTP requests on port 9000.
According to the security announcement issued by Trustwave, the default configuration of the My Cloud EX2 drive allows any unauthenticated local network user to obtain any file from the device using an HTTP request. Files on the storage can be accessed even if public sharing is disabled. That is, anyone can send HTTP requests to TMSContentDirectory/Control on port 9000 to invoke various operations, such as a browse operation that returns XML containing a URL to a single file on the device.
Trustwave researchers stated that the leak was due to the device’s UPnP media server automatically starting up when the device was turned on. By default, unauthenticated users can completely bypass any permissions or restrictions set by the owner or administrator to get any files from the device.
Trustwave said that it discovered the vulnerability on January 26 and reported it to Western Digital. At the time, however, the company only advised its users to disable DLNA. Trustwave has now published a PoC for this vulnerability and recommends that users turn off DLNA to protect their data.
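
As an added example (not Trustwave's PoC and not code from the original report), the following Python code shows how a defender could flag the requests described above in HTTP connection logs, separating unexpected local clients from requests that arrive from outside the LAN. The log format, LAN range and client allowlist are assumptions, and the sample records are constructed.

```python
import ipaddress

# Path and port are the ones named in the advisory summary above.
CONTROL_PATH = "tmscontentdirectory/control"
MEDIA_PORT = "9000"
# Assumptions: your LAN range and the hosts expected to stream from the NAS.
LAN = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_CLIENTS = {"192.168.1.20"}

# Constructed sample records: time src dst dport method uri soapaction
SAMPLE_LOG = """\
2018-04-26T10:00:01Z 192.168.1.20 192.168.1.50 9000 POST /TMSContentDirectory/Control urn:schemas-upnp-org:service:ContentDirectory:1#Browse
2018-04-26T10:02:13Z 192.168.1.77 192.168.1.50 9000 POST /TMSContentDirectory/Control urn:schemas-upnp-org:service:ContentDirectory:1#Browse
2018-04-26T10:05:40Z 203.0.113.9 192.168.1.50 9000 POST /TMSContentDirectory/Control urn:schemas-upnp-org:service:ContentDirectory:1#Browse
2018-04-26T10:06:02Z 192.168.1.77 192.168.1.50 80 GET /index.html -
2018-04-26T10:07:00Z malformed line
"""


def classify(line):
    """Return (severity, src, action) for a control request, else None."""
    fields = line.split()
    if len(fields) != 7:
        return None  # skip malformed records instead of crashing
    _ts, src, _dst, dport, method, uri, soapaction = fields
    if dport != MEDIA_PORT or method != "POST":
        return None
    if CONTROL_PATH not in uri.lower():
        return None
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return None
    action = soapaction.rsplit("#", 1)[-1]  # e.g. "Browse"
    if addr not in LAN:
        return ("critical", src, action)  # reached from outside the LAN
    if src not in ALLOWED_CLIENTS:
        return ("warning", src, action)  # unexpected local client
    return ("expected", src, action)


def scan(log_text):
    """Return only the findings that need attention."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r and r[0] != "expected"]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Once DLNA is turned off as recommended, any remaining hit on this path is worth investigating, since the media server should no longer be answering.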