Security News > 2021 > June > Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices
Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability.
The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.
WD initially said the attackers exploited CVE-2018-18472, an old flaw that allows a remote attacker who knows the targeted device's IP address to execute arbitrary commands with root privileges.
CVE-2018-18472 has been exploited to install malware on vulnerable NAS devices and CVE-2021-35941 has been leveraged to reset them to factory settings - in some cases both flaws were apparently exploited by the same attacker.
Censys, a company that provides internet visibility and risk assessment products, has also analyzed the attacks and said that CVE-2018-18472 is being exploited to deliver a script that installs and executes malware, causing the compromised device to join a botnet.
The company will also offer a trade-in program to help customers upgrade to newer devices that are not vulnerable to these attacks.
News URL
Related news
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-29 | CVE-2021-35941 | Missing Authentication for Critical Function vulnerability in Westerndigital products Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an administrator API that can perform a system factory restore without authentication, as exploited in the wild in June 2021, a different vulnerability than CVE-2018-18472. | 5.0 |
| 2019-06-19 | CVE-2018-18472 | OS Command Injection vulnerability in Westerndigital MY Book Live Firmware Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. | 10.0 |