WD is happy to release the My Cloud EX2 firmware version 2.12.127.
2.12.127 Release Notes
• Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE 2016-10107.
• Resolved multiple cross site request forgery (CSRF) vulnerabilities.
• Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195).
• Resolved multiple denial-of-service vulnerabilities.
• Improved security by disabling SSH shadow information.
• Resolved a buffer overflow issue that could lead to unauthenticated access.
• Resolved a click-jacking vulnerability in the web interface.
• Resolved multiple security issues in the Webfile viewer on-device app.
• Improved the security of volume mount options.
• Resolved multiple security issues in the EULA onboarding flow.
• Resolved leakage of debug messages in the web interface.
• Improved credential handling for the remote MyCloud-to-MyCloud backup feature.
• Improved credential handling for upload-logs-to-support option.
• Apache -v2.4.34
• PHP -v5.4.45
• OpenSSH -v7.5p1
• OpenSSL -v1.0.1u
• libupnp -v1.6.25 (CVE-2012-5958)
• jQuery -v3.3.1 (CVE-2010-5312)
Other Bug Fixes
• Resolved high CPU utilization with ufraw-batch process.
• Improved remote host port handling
2.11.169 Release Notes
- Resolved security vulnerability (CVE-2017-17560) - Unauthorized access to multipart upload functionality.