June 25, 20215 yr https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/
June 25, 20215 yr After the qnap ransomware attack another thing that smells like a breach...this is why backups should be offline Quote "Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands" https://nvd.nist.gov/vuln/detail/CVE-2018-18472 🙈 WD response: Quote The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device. Western Digital takes the security of our customers’ data seriously, and we provide security updates for our products to address issues from both external reports and regular security audits. Additionally, we welcome the opportunity to work with members of the security research community through responsible disclosure to help protect our users. Users who wish to find the latest security update for their Western Digital device may do so on our support portal at https://support.wdc.com. Security researchers who wish to contact Western Digital can find contact information as well as a PGP key at https://www.wdc.com/security/reporting.html. 🙈 🙈 🙈 🙈 🙈 For such a severe vulnerability one should always provide patches..... Edited June 25, 20215 yr by ghost82
June 28, 20215 yr Author On 6/25/2021 at 2:05 PM, ChatNoir said: We might see an influx of new users. Brace for impact. Doubt that - they are a different kind of a customer. A more likely outcome for most of them would be to move onto Synology, Qnap or just a replacement external.
June 30, 20215 yr Author A second exploit: https://www.theverge.com/2021/6/29/22555959/wd-my-book-live-second-exploit-authentication-factory-reset-without-password-root-control
July 1, 20215 yr Author 8 hours ago, SpencerJ said: https://threatpost.com/zero-day-wipe-my-book-live/167422/ Ugh. Schrader’s guess at what happened at Western Digital is that “someone had the idea to centralize all the authentication into a single file and forgot to remove all line-disabling comments from the code before releasing it,” he said via email. “That this is used in an exploit about two month later is a surprise, but only because it took that long. What kind of QA is done at Western Digital?"" 😲
Archived
This topic is now archived and is closed to further replies.