Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices
Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability.
The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.
WD initially said the attackers exploited CVE-2018-18472, an old flaw that allows a remote attacker who knows the targeted device's IP address to execute arbitrary commands with root privileges.
CVE-2018-18472 has been exploited to install malware on vulnerable NAS devices, and CVE-2021-35941 has been leveraged to reset them to factory settings; in some cases both flaws were apparently exploited by the same attacker.
Censys, a company that provides internet visibility and risk assessment products, has also analyzed the attacks and said that CVE-2018-18472 is being exploited to deliver a script that installs and executes malware, causing the compromised device to join a botnet.
Western Digital will also offer a trade-in program to help customers upgrade to newer devices that are not vulnerable to these attacks.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-29 | CVE-2021-35941 | Missing Authentication for Critical Function vulnerability in Western Digital products. Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. | 7.5 |
2019-06-19 | CVE-2018-18472 | OS Command Injection vulnerability in Western Digital My Book Live Firmware. Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. | 9.8 |
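
For defenders reviewing a device's web access log, the sketch below flags requests to the endpoint named in the CVE-2018-18472 entry. It is an added example, not code from Western Digital, Censys or the original article. It assumes a common/combined-format access log, a `language` value visible in the request line, RFC 1918 addressing for the local network, and that legitimate values look like `en_US`; the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the CVE-2018-18472 entry.
ENDPOINT = "/api/1.0/rest/language_configuration"
PARAM = "language"
# Assumption: a legitimate value looks like "en_US"; anything else is suspect.
SAFE_VALUE = re.compile(r"[A-Za-z]{2,3}(_[A-Za-z]{2})?")
# Assumption: the NAS should only be administered from RFC 1918 address space.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Common/combined log format: client, ident, user, [time], "METHOD target PROTO", status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')

def triage(lines):
    """Return one finding per suspicious request to the language_configuration API."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue
        reasons = []
        try:
            ip = ipaddress.ip_address(client)
            if not any(ip in net for net in LAN):
                reasons.append("request from outside the local network")
        except ValueError:
            reasons.append("unparseable client address")
        # parse_qs percent-decodes, so encoded metacharacters are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                reasons.append(f"unexpected {PARAM} value {value!r}")
        if reasons:
            findings.append({"client": client, "method": method, "status": int(status), "reasons": reasons})
    return findings

# Constructed sample lines, not taken from any real device.
SAMPLE_LOG = [
    '192.168.1.20 - - [24/Jun/2021:10:00:01 +0000] "GET /api/1.0/rest/language_configuration?language=en_US HTTP/1.1" 200 51',
    '203.0.113.7 - - [24/Jun/2021:10:02:13 +0000] "PUT /api/1.0/rest/language_configuration?language=en_US%3Bid HTTP/1.1" 200 51',
    '198.51.100.9 - - [24/Jun/2021:10:05:40 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["client"], f["method"], f["status"], "; ".join(f["reasons"]))
```

A parameter sent in the request body does not appear in an access log, so in that case only the source-address check fires and any hit on this endpoint from outside the local network deserves a closer look.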