- Feb 4, 2016
Researchers disclosed two new vulnerabilities in Western Digital My Cloud network storage devices on Thursday that could allow a local attacker to delete files stored on the devices or to execute shell commands as root.
Researchers at Trustwave disclosed the vulnerabilities, which come on the heels of a disclosure by security firm GulfTech, which reported critical vulnerabilities, including a hardcoded backdoor, in 12 Western Digital (WD) My Cloud devices.
The two WD My Cloud vulnerabilities disclosed by Trustwave include an arbitrary command execution flaw and an arbitrary file deletion (via specific parameters) bug. Impacted are the following Western Digital models: My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.
The first (arbitrary command execution) vulnerability is tied to a common gateway interface script called “nas_sharing.cgi” used in the My Cloud firmware that allows any local user to execute shell commands as root on affected devices. The second (arbitrary file deletion) flaw is also related to the common gateway interface script “nas_sharing.cgi”.
“These vulnerabilities are likely not publicly exposed to the internet and would likely be exploited via the local network only,” said Martin Rakhmanov, security research manager at Trustwave SpiderLabs.
Last month, GulfTech researchers revealed a hardcoded backdoor impacting 12 Western Digital My Cloud network storage devices. According to GulfTech, the Western Digital devices allow remote backdoor admin access via username “mydlinkBRionyg” and password “abc12345cba”.
Trustwave said it also identified the remote backdoor in the same timeframe.