
If you like the data on your WD My Cloud OS 3 device, patch it now

20/01/2022


Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS.

CVE-2021-40438, as one of the vulnerabilities is tracked, allows remote attackers with no authentication to make devices forward requests to servers of the attackers’ choosing. Like the other two flaws Western Digital fixed, it resides in the Apache HTTP Server versions 2.4.48 and earlier. Attackers have already successfully exploited it to steal hashed passwords from a vulnerable system, and exploit code is readily available.

The vulnerability with a severity rating of 9 out of a maximum 10 stems from a Server-Side Request Forgery. This class of bug lets attackers funnel malicious requests to internal systems that are behind firewalls or otherwise not accessible outside a private network. It works by inducing server-side applications to make HTTP requests to an arbitrary domain of the attacker’s choosing.

CVE-2021-39275, meanwhile, carries a severity rating of 9.8 out of a possible score of 10. It allows remote attackers to crash vulnerable systems and possibly execute malicious code. Two additional vulnerabilities—CVE-2021-36160 and CVE-2021-34798—make it possible to remotely crash vulnerable systems.

Apache released patches for the vulnerabilities last October. Why the disk maker took four months to incorporate them into its disk OS is not clear.

Many people are often slow to patch vulnerabilities in periphery devices such as network-attached storage devices, which run Western Digital’s My Cloud proprietary operating system. That would be a mistake in this case. In June, Western Digital advised users of a different product, the My Book Live, to immediately unplug the devices from the Internet. Meanwhile, the company responded to what later turned out to be the mass exploitation of a zero-day vulnerability.

Last year, Western Digital laid out a schedule for phasing out use of My Cloud OS 3. Starting earlier this week, users of the older OS with devices that are compatible with the current OS version 5 were required to update to the new version. If they didn’t, the users would no longer be able to connect to the devices over the Internet, receive security updates, or get technical support. On April 15, support for version 3 will end completely. Devices that aren’t compatible with version 5 by then will lose remote access, meaning they will only be able to access files over local networks.

“We recommend that all eligible users upgrade to My Cloud OS 5 immediately to benefit from the latest security fixes,” Western Digital said in an advisory. Instructions for upgrading are here.

Listing image by followtheseinstructions / Flickr
