Lolight Posted June 25, 2021
https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/
ChatNoir Posted June 25, 2021
We might see an influx of new users. Brace for impact.
ghost82 Posted June 25, 2021
After the QNAP ransomware attack, another thing that smells like a breach... this is why backups should be offline.
> "Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands"
https://nvd.nist.gov/vuln/detail/CVE-2018-18472
🙈
WD response:
> The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012. These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device. Western Digital takes the security of our customers’ data seriously, and we provide security updates for our products to address issues from both external reports and regular security audits. Additionally, we welcome the opportunity to work with members of the security research community through responsible disclosure to help protect our users. Users who wish to find the latest security update for their Western Digital device may do so on our support portal at https://support.wdc.com. Security researchers who wish to contact Western Digital can find contact information as well as a PGP key at https://www.wdc.com/security/reporting.html.
🙈 🙈 🙈 🙈 🙈
For such a severe vulnerability one should always provide patches.....
Edited June 25, 2021 by ghost82
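As an added example (not part of the thread, and not NVD or Western Digital code), here is one way to flag requests that match the CVE-2018-18472 description quoted above when reviewing proxy or capture logs. It assumes the `language` parameter arrives in the query string or a form-encoded body and that a legitimate value is a short locale code such as `en_US`; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/api/1.0/rest/language_configuration"  # path named in the CVE text
# Assumption: a legitimate value is a short locale code such as en_US.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z]{2})?")
# Characters a POSIX shell treats specially (chaining, substitution,
# redirection, quoting, globbing, whitespace).
SHELL_META = set(";|&`$()<>{}*?!~#\\\"' \t\r\n")


def language_values(target, body=""):
    """Yield decoded `language` values from the query string and form body."""
    for source in (urlsplit(target).query, body):
        for key, value in parse_qsl(source, keep_blank_values=True):
            if key == "language":
                yield value


def classify(target, body=""):
    """Return 'ignore', 'ok', 'malformed' or 'shell-metachar' for a request."""
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return "ignore"
    verdict = "ok"
    for value in language_values(target, body):
        if SHELL_META & set(value):
            return "shell-metachar"
        if not LOCALE_RE.fullmatch(value):
            verdict = "malformed"
    return verdict


# Constructed sample requests (request target, form-encoded body).
SAMPLES = [
    (ENDPOINT + "?language=en_US", ""),
    (ENDPOINT, "language=de_DE"),
    (ENDPOINT, "language=en_US%3Bconstructed-sample"),
    (ENDPOINT + "/", "language=" + "A" * 40),
    ("/index.html?language=%3B", ""),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(classify(target, body), target, body)
```

A hit against a device that is reachable from the internet is a reason to apply the firewall restriction that Western Digital's statement recommends.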
Lolight (Author) Posted June 28, 2021
> On 6/25/2021 at 2:05 PM, ChatNoir said: We might see an influx of new users. Brace for impact.
Doubt that - they are a different kind of customer. A more likely outcome for most of them would be to move on to Synology, QNAP or just a replacement external.
Lolight (Author) Posted June 30, 2021
A second exploit: https://www.theverge.com/2021/6/29/22555959/wd-my-book-live-second-exploit-authentication-factory-reset-without-password-root-control
SpencerJ Posted June 30, 2021
https://threatpost.com/zero-day-wipe-my-book-live/167422/
Ugh.
Lolight (Author) Posted July 1, 2021
> 8 hours ago, SpencerJ said: https://threatpost.com/zero-day-wipe-my-book-live/167422/ Ugh.
Schrader’s guess at what happened at Western Digital is that “someone had the idea to centralize all the authentication into a single file and forgot to remove all line-disabling comments from the code before releasing it,” he said via email. “That this is used in an exploit about two months later is a surprise, but only because it took that long. What kind of QA is done at Western Digital?”
😲