For a year now, WD My Cloud home network storage has had a gaping hole

    [Image: xkcd comic]

    A vulnerability (CVE-2018-17153) has been discovered in Western Digital's popular My Cloud home network storage. It allows an attacker to bypass the authentication mechanism and create an administrative session tied to the attacker's IP address.

    UPD: The survey shows that almost one in four Habr readers is literally within walking distance of a vulnerable device.

    Remco Vermeulen, an information security researcher, has revealed all the details of the vulnerability in the popular Western Digital My Cloud devices. He took this step because the company, despite several requests, had still not closed the hole 15 months later.

    Vermeulen informed the manufacturer about the problem back in April 2017, but at some point the company broke off contact with the researcher for an unknown reason. Usually, "white hat" hackers give companies 90 days to close a reported vulnerability, but in this story the wait clearly dragged on.



    To get into the device's web interface, it was enough to send a request to the /cgi-bin/network_mgr.cgi script with the cookie "username=admin" set, and the system would grant administrative access, bypassing the password prompt. The next step is a POST request "cmd=cgi_get_ipv6&flag=1", which generates a session key and lets the session continue with access to other scripts with administrator rights. A successful attack gives complete control over device settings, as well as the ability to read, write, and delete any data stored on the device.


    The researcher writes that the problem was found while reverse engineering the CGI binaries. He reproduced the vulnerability on the My Cloud model WDBCTL0020HWT with firmware version 2.30.172, but assumes that it is not limited to this model, since all My Cloud products seem to use the same vulnerable software.

    Users are strongly advised to restrict access to the My Cloud web interface to a list of trusted addresses, and to disable access from public networks (Settings -> General -> Cloud Access). Out of the box, the Dashboard Cloud Access mode is disabled, but the attack is also possible from the local network.
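
To check whether anything outside the trusted list has been reaching the script named above, the following added example (not from the original article or from Western Digital) scans web access logs for requests to it. It assumes the logs come from a proxy or web server in front of the device writing Common Log Format; the trusted addresses and the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: the hosts allowed to reach the web interface (the "trusted list").
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.1.10/32", "192.168.1.11/32")]
SCRIPT = "/cgi-bin/network_mgr.cgi"  # script named in the article

# Common Log Format prefix: client ident user [time] "METHOD target proto" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3})')


def untrusted_callers(lines):
    """Map each non-trusted client that requested SCRIPT to its request count
    and whether it sent a POST (the article's session-creating step is a POST)."""
    seen = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, method, target, _status = m.groups()
        if target.split("?", 1)[0] != SCRIPT:
            continue
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(addr in net for net in TRUSTED):
            continue
        entry = seen.setdefault(client, {"requests": 0, "post": False})
        entry["requests"] += 1
        entry["post"] = entry["post"] or method == "POST"
    return seen


# Constructed sample log lines (documentation and private address ranges).
SAMPLE = [
    '192.168.1.10 - - [01/Oct/2018:10:00:00 +0000] "POST /cgi-bin/network_mgr.cgi HTTP/1.1" 200 64',
    '192.168.1.57 - - [01/Oct/2018:10:02:11 +0000] "GET /cgi-bin/network_mgr.cgi HTTP/1.1" 200 12',
    '203.0.113.40 - - [01/Oct/2018:10:05:42 +0000] "GET /cgi-bin/network_mgr.cgi HTTP/1.1" 200 12',
    '203.0.113.40 - - [01/Oct/2018:10:05:43 +0000] "POST /cgi-bin/network_mgr.cgi HTTP/1.1" 200 64',
    '203.0.113.40 - - [01/Oct/2018:10:05:50 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, info in untrusted_callers(SAMPLE).items():
        print(client, info)
```

The LAN host 192.168.1.57 is reported alongside the external address because the list names individual trusted hosts rather than the whole subnet, which matches the article's point that the local network is also in scope.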

    By the way, Habr has a review of the My Cloud 2 TB.


    Have you dealt with My Cloud from Western Digital?

    • 34.9% (64 votes): have not heard of it
    • 37.1% (68 votes): have seen ads for it
    • 8.7% (16 votes): friends or relatives have one
    • 3.2% (6 votes): use it as a server at work or in the office
    • 3.2% (6 votes): used it before
    • 12.5% (23 votes): actively use it at home now
