Western Digital My Cloud flaws allows local attacker to gain root access to the devices

Trustwave disclosed two vulnerabilities in Western Digital My Cloud network storage devices could be exploited by a local attacker to gain root access to the NAS devices.

Researchers at Trustwave disclosed two new vulnerabilities in Western Digital My Cloud network storage devices could be exploited by a local attacker to delete files stored on devices or to execute shell commands as root.

The two Western Digital My Cloud flaws are an arbitrary command execution vulnerability and an arbitrary file deletion issue. The arbitrary command execution vulnerability affects the common gateway interface script “nas_sharing.cgi” that allows a local user to execute shell commands as root. Hardcoded credentials allows any users to authenticate to the device using the username “mydlinkBRionyg.”

“The first finding was discovering hardcoded administrator credentials in the nas_sharing.cgibinary. These credentials allow anyone to authenticate to the device with the username “mydlinkBRionyg”.” states the analysis published by Trustwave. “Considering how many devices are affected this is very serious one. Interestingly enough another researcher independently released details on the same issue less than a month ago.”

The arbitrary file deletion vulnerability is also tied to the common gateway interface script “nas_sharing.cgi”.

“Another problem I discovered in nas_sharing.cgi is that it allows any user execute shell commands as root. To exploit this issue the “artist” parameter can be used.” continues the analysis.

Chaining the two flaws it is possible to execute commands as root, a local attacker could log in using the hardcoded credentials and executing a command that is passed inside the “artist” parameter using base64 encoding.

The Western Digital models affected are My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.

Trustwave reported the issues to Western Digital in 2017, according to the researchers the flaws are addressed with the firmware (version 2.30.172 ) update, released on Nov. 16, 2017.

“As a reminder, we urge customers to ensure the firmware on their products is always up to date; enabling automatic updates is recommended. We also urge you to implement sound data protection practices such as regular data backups and password protection, including to secure your router when you use a personal cloud or network-attached storage device.” recommends Western Digital.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Western Digital My Cloud, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]