Hackers use zero-day to mass-wipe My Book Live devices
2021-06-29 21:28

A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass factory resets of devices last week, leading to data loss.

A report by Censys CTO Derek Abdine revealed that the latest firmware for My Book Live devices contained a zero-day vulnerability that allowed a remote attacker to perform factory resets on Internet-connected devices.

According to Abdine's research, threat actors have also been mass-exploiting CVE-2018-18472, a remote code execution vulnerability from 2018, to infect publicly exposed My Book Live devices and add them to a botnet.

Once enlisted in the botnet, the threat actors could remotely use the My Book Live NAS devices to potentially perform DDoS attacks, attack other devices, execute commands, or even steal files.

While we now have some insight into the various attacks targeting the My Book Live devices, we do not have a motive for a threat actor performing mass-wipes of the NAS devices.

For now, users should prevent their My Book Live devices from being publicly accessible and only use them on their local network or behind a VPN. BleepingComputer has reached out to Western Digital to see if they would be releasing a patch for this vulnerability, which is unlikely as the devices have been unsupported for six years.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/

Related Vulnerability

Date: 2019-06-19
CVE: CVE-2018-18472
Vulnerability title: OS Command Injection vulnerability in Westerndigital MY Book Live Firmware
Description: Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter.
Details: network, low complexity, westerndigital, CWE-78
Risk: critical, 9.8