Western Digital NAS machines vulnerable to hijacking via HTTP cookies
Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet.
Researchers at infosec shop Securify today revealed the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and log in with admin privileges.
This would, in turn, give the scumbag full control over the NAS device, including the ability to view and copy all stored data as well as overwrite and erase contents. If the box is accessible from the public internet, it could be remotely pwned, it appears. Alternatively, malware on a PC on the local network could search for and find a vulnerable My Cloud machine, and compromise it.
According to Securify, the flaw itself lies in the way My Cloud creates admin sessions that are attached to an IP address. When an attacker sends a command to the device's web interface, as an HTTP CGI request, they can also include the cookie username=admin – which unlocks admin access.
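The design error described above, trusting an identity the client states in a cookie, is shown here next to a server-side session check. This is an added, simplified model and not Western Digital's or Securify's code; the function names, the `session` cookie and the sample addresses are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Simplified model only; names and structure are assumptions, not vendor code.
SESSIONS = {}  # server-side state: token -> {"user", "ip", "admin"}


def parse_cookies(header):
    """Parse a raw Cookie header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_weak(client_ip, cookie_header):
    """Flawed pattern: identity is whatever the client's cookie claims."""
    return parse_cookies(cookie_header).get("username") == "admin"


def login(client_ip, user, is_admin):
    """Called only after the password check succeeds; issues a random token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "ip": client_ip, "admin": is_admin}
    return token


def is_admin_hardened(client_ip, cookie_header):
    """Privilege comes from server-side state found via an unguessable token."""
    presented = parse_cookies(cookie_header).get("session", "")
    state = SESSIONS.get(presented)
    if state is None:
        return False  # a client-supplied username is never consulted
    return bool(state["admin"]) and state["ip"] == client_ip


if __name__ == "__main__":
    # Constructed sample requests (documentation-range addresses).
    print(is_admin_weak("203.0.113.5", "username=admin"))      # no login happened
    print(is_admin_hardened("203.0.113.5", "username=admin"))
    tok = login("192.0.2.10", "admin", True)
    print(is_admin_hardened("192.0.2.10", "session=" + tok))
```

In the hardened check the IP address only narrows where an already-authenticated token is accepted; it is never the credential itself.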