Any company with a NAS server that has access to the internet using Western digital My Cloud.
It was discovered a vulnerability in Western Digital My cloud that allows attackers to gain admin permissions and gain access to the information stored on the NAS server.
Western Digital haven’t launched yet a security patch that solves this problem, so it’s recommended that all affected users disconnect their NAS server.
Would you like to know the latest information about our news? Come and try subscribing to our boards or the twitter profile @ProtegeEmpresa You will be the first to know about any security news and updates.
When a NAS server has access to the internet via Western digital My cloud, a remote attacker could create an authorized session by modifying the request made by the server to evade security and give themselves admin permissions. Once the have the permissions, they can access to the NAs server and execute commands like upload or download archives.