American Computer Data Storage Company Western Digital (WD) has rolled out a fix to a security flaw found in its popular ‘MyCloud’ Network Attached Storage (NAS) devices. Thus, the software update allows the Western Digital NAS device users stop the hackers from exploiting a backdoor that can allow them to upload any file to the server that they choose to exfiltrate info and spread malware.
In June 2017, a GulfTech researcher named James Bercegay discovered vulnerability on WD NAS devices that allowed hackers to log into them using a predetermined username and password that cannot be changed or modified as per the user’s choice.
Moreover, other vulnerabilities like Command Injection, cross-site request forgery, and unrestricted file upload flaws were also found by Bercegay on the NAS devices of Western Digital.
The affected WD NAS models include – MyCloud, MyCloudMirror, My Cloud Gen 2, My Cloud PR2100, My Cloud PR4100, MyCloud EX2 Ultra, My Cloud Ex2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100.
As soon as James notified the issue to WD, the authorities of renowned California based data storage firm took a note of it and addressed it by issuing a v2.30.172 firmware update now.
Western Digital is requesting all its customers to update to the latest version of the firmware in order to avoid being affected. The company is also urging its customers to take up data protection practices such as maintaining regular data backups and keeping the NAS connecting routers protected with efficient passwords.
Note- Western Digital owns other two data storage companies named HGST and SanDisk as business subsidiaries.
