Hacking into a fully patched MyCloud

Hi all,

I’m using the latest firmware (2.11.169) on a WD EXT4. I read about the hard-coded password/backdoor in the past (https://www.theregister.co.uk/2018/01/08/wd_mycloud_nas_backdoor/) and wanted to confirm the problem is fixed.

I ran OpenVAS on my LAN and it was able to get root access on my NAS. The vulnerabilities here https://www.exploitee.rs/index.php/Western_Digital_MyCloud have not been fixed.

The version of libupnp WD uses is 1.6.6 and contains multiple buffer overflow vulnerabilities (CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965) and needs to be updated to version 1.6.18.

Additionally, the Twonky server web console has no protection on MyCloud. You can see this by visiting http://your_nas_ip:9000/.

I know this is cheap-quality, consumer-grade hardware, but these vulnerabilities are unacceptable and undermine any of the security features advertised.

Is there an ETA for each of these items to be fixed? OpenVAS came back with other vulnerabilities, but the ones listed above will lead to remote compromise and that’s what I can’t accept.

In the meantime, while we’re vulnerable, I’d like to set up additional logging and monitoring. Does MyCloud support logging web access and general syslog to a remote syslog server? Thanks.

1 Like
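The libupnp version claim in the post above can be checked from the `SERVER` header that libupnp sends in its SSDP/HTTP responses. The following is an added example, not part of the original post or any WD tooling: it parses such responses and compares the advertised version numerically against 1.6.18. The sample responses, addresses and kernel strings are constructed.

```python
import re

FIXED = (1, 6, 18)  # release the post says libupnp must be updated to
# Product token libupnp puts in the SERVER header of its SSDP/HTTP responses.
SDK_RE = re.compile(r"Portable SDK for UPnP devices/(\d+(?:\.\d+)*)", re.I)

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "nas": ("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
            "LOCATION: http://192.0.2.10:49152/desc.xml\r\n"
            "SERVER: Linux/3.2.40, UPnP/1.0, Portable SDK for UPnP devices/1.6.6\r\n"
            "ST: upnp:rootdevice\r\n\r\n"),
    "updated": ("HTTP/1.1 200 OK\r\n"
                "Server: Linux/4.14, UPnP/1.0, Portable SDK for UPnP devices/1.6.18\r\n\r\n"),
    "other": "HTTP/1.1 200 OK\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/2.3\r\n\r\n",
}

def parse_headers(raw):
    """Parse a response into a dict keyed by upper-cased header name."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def libupnp_version(raw):
    """Return the advertised libupnp version as a tuple of ints, or None."""
    m = SDK_RE.search(parse_headers(raw).get("SERVER", ""))
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(raw):
    """'outdated' if below FIXED, 'ok' if at or above, 'unknown' if no banner."""
    version = libupnp_version(raw)
    if version is None:
        return "unknown"  # no libupnp banner; this is not evidence of a fix
    # Compare as integer tuples: as strings, "1.6.6" sorts after "1.6.18".
    version += (0,) * (len(FIXED) - len(version))
    return "outdated" if version < FIXED else "ok"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, libupnp_version(raw), classify(raw))
```

A banner can be altered or suppressed by the vendor, so treat "unknown" as a prompt to check the firmware's bundled library directly.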

@nyc Are you talking about a My Cloud EX4? If yes, then you need to post to this forum.

https://community.wd.com/c/network-attached-storage/wd-my-cloud-ex4

Yep, thanks for helping me find the right place. I created a post here, "Hacking into a fully patched MyCloud EX4", for anyone interested.