Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » WD My Cloud NAS devices can be hijacked by attackers

WD My Cloud NAS devices can be hijacked by attackers

2015/09/23

Help Net Security - (International) Security researchers from VerSprite discovered vulnerabilities in Western Digital My Cloud network attached storage (NAS) products' RESTful Application Program Interface (API) in which any authorized remote user can remotely execute commands and steal files belonging to other users, as well as abuse root access to the NAS in a private internal network. Researchers also discovered a separate flaw in the device's web application allowing for cross-site request forgery attacks.

Source: http://www.net-security.org/secworld.php?id=18885

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:25:19