The WD My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from command injection and cross-site request forgery (“CSRF”) vulnerabilities. These and a number of other issues have been reported to Western Digital.
As of September 11, 2015 updates are in the process of being rolled out for the My Cloud, My Cloud Mirror, EX2, DL2100, and other devices. The firmware will be made available to the general public September 21st 2015.
The foundation of VerSprite’s penetration testing methodology is based on emulating realistic attacks by a malicious actor through the use of PASTA (Process for Attack Simulation and Threat Analysis).
VerSprite's Research and Development division (a.k.a VS-Labs) is comprised of individuals who are passionate about diving into the internals of various technologies. Our clients rely on VerSprite's unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors. From advanced technical security training to our research for hire B.O.S.S offering, we help organizations solve their most complex technical challenges. Learn more →