(Western Digital) WD My Cloud Command Injection | CSRF Vulnerabilities (Western Digital) WD My Cloud Command Injection | CSRF Vulnerabilities

Home  |  Resources  |  WD My Cloud Command

WD My Cloud Command Injection – Remote Root with WebRTC

Versprite ● September 15, 2015

< Back to Blog Home

Western Digital My Cloud Command Injection

The WD My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 suffer from command injection and cross-site request forgery (“CSRF”) vulnerabilities. These and a number of other issues have been reported to Western Digital.

As of September 11, 2015 updates are in the process of being rolled out for the My Cloud, My Cloud Mirror, EX2, DL2100, and other devices. The firmware will be made available to the general public September 21st 2015.

Offensive Minded Security Exploit Development

VerSprite's Research and Development division (a.k.a VS-Labs) is comprised of individuals who are passionate about diving into the internals of various technologies. Our clients rely on VerSprite's unique offerings of zero-day vulnerability research and exploit development to protect their assets from various threat actors. From advanced technical security training to our research for hire B.O.S.S offering, we help organizations solve their most complex technical challenges. Learn more →

We are an international squad of professionals working as one.