Backdoor Account Removed from Western Digital NAS Hard Drives

By Solarquest

Jul 22, 2014
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which is an easily exploitable and wormable hardcoded (backdoor) account.

James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June 2017.

The researcher published a detailed report last Wednesday after Western Digital released firmware updates.

RCE, backdoor, and a CSRF
The expansive report describes three main flaws that can be abused for different results. A short summary of all the flaws is available below, but for a more detailed analysis of each vulnerability readers should refer to Bercegay's bug report:

1) Unrestricted file upload - A PHP file found on the WD MyCloud's built-in web server allows an attacker to upload files on the device. Bercegay says he used this flaw to upload web shells on the device, which in turn granted him control over the device.
2) Hardcoded backdoor account - An attacker can log into vulnerable WD MyCloud NAS devices using the username "mydlinkBRionyg" and the password "abc12345cba". Bercegay says the backdoor doesn't give attackers admin access, but he was able to exploit another flaw and get root permissions for the backdoor account.
3) CSRF (Cross-Site Request Forgery) - A CSRF bug that can be exploited for executing rogue commands on the device and for playing stupid pranks by resetting the device's backend panel interface language.

Flaws are wormable and can impact private NAS devices
...
 
