As I was looking for more information about CVE-2018-18472 , I noticed that the exploit was already known in March 2014 ! ( WDMyCloud Command Injection CSRF · GitHub ) So, there was a root-command-injection exploit online while the MyBookLive devices were still supported, and WD did nothing?!
2 Likes
