Security News > 2023 > June > Western Digital boots outdated NAS devices off of My Cloud

Western Digital boots outdated NAS devices off of My Cloud
2023-06-16 16:03

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202.

"Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware," explains a Western Digital support bulletin.

My Cloud is a service that connects Network Attached Storage devices to Western Digital's cloud service, allowing users to store, access, backup, and share media from the web.

Arbitrary code execution may even lead to ransomware being deployed on the devices, which we have seen impacting NAS devices multiple times in the recent past.

CVE-2022-36327: Critical severity path traversal flaw allowing an attacker to write files to arbitrary filesystem locations, leading to unauthenticated remote code execution on My Cloud devices.

To learn more about updating the firmware on your My Cloud device, check Western Digital's instructions.


News URL

https://www.bleepingcomputer.com/news/security/western-digital-boots-outdated-nas-devices-off-of-my-cloud/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2022-36327 Path Traversal vulnerability in Westerndigital products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.
network
low complexity
westerndigital CWE-22
critical
9.8