Western Digital just released a My Cloud OS update that fixes a dangerous remote access vulnerability. All My Cloud users should install the firmware update (version 5.19.117) to protect against remote hacking attempts.
As reported by Bleeping Computer, participants in the Pwn2Own 2021 hacking competition figured out how to remotely run code on My Cloud devices through the included “Netatalk Service” software. This vulnerability, tracked as CVE-2022-23121, works without user authentication. Like last year’s My Book Live vulnerability, it appears to be very easy to execute.
Hackers who gain remote access to your cloud storage drive can delete or copy its data. They can also upload data, including malware, to your network. That is why it is important to update now.
Here are the devices that may be affected by this vulnerability:
- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX2 Ultra
- My Cloud EX4100
- My Cloud Mirror Gen 2
- My Cloud EX2100
- My Cloud DL2100
- My Cloud DL4100
Updating your drive will disable the Netatalk service, an open-source implementation of the Apple Filing Protocol (AFP). Basically, it lets Unix-like operating systems act as file servers for Macs. (If you are a developer using the Netatalk service for any application, you should update to the latest version now, as it patches the CVE-2022-23121 vulnerability.)
Note that Western Digital will continue to offer coupons to customers with obsolete drives. These coupons expire on April 15th. So if you have an old WD cloud storage device at home, you should contact the company.
Source: Western Digital via Bleeping Computer