Open vulnerabilities in WD My Cloud Feb 2015 Firmware

OpenSSL, GLIBC (GHOST), NTP

http://community.wd.com/t5/WD-My-Cloud/packagages-in-the-WD-My-Cloud-Firmware-Release-4-01-03-421-2-23/td-p/859107

Samba

http://community.wd.com/t5/WD-My-Cloud/Samba-vulnerability-CVE-2015-0240/td-p/859273

Support is informed, but this takes very long.

I disabled Cloud Access since 3 weeks, as I don’t need it right now and I don’t trust the software of the MC as it is now.

There are plenty of vulnerability scanners out there, and many misconfigured routers.

The MC is a small Linux server, and needs maintenance like every other server, too.

1 Like

I, also, have turned off Cloud Access for some time waiting for a fix. :cry: I assume WD is working on a fix, but they are very slow in doing so.

1 Like