More WD storage devices affected by weird security issues

A third-party security patch promises to seal the issue

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have unearthed a remote code execution flaw in Western Digitalnetwork-attached storage (NAS)devices that run MyCloud OS 3, anoperating systemno longer supported by the company.

Reporting on the findings of researchers Radek Domanski and Pedro Ribeiro, Brian Krebswritesthat WD claims the vulnerability was automatically fixed last year with the release of MyCloud OS 5.

Crucially, however, Krebs notes that in their correspondence, WD ignored questions about whether the flaw was ever addressed in MyCloud OS 3.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

Fixing the bug in the old release is important, since according to WD’ssupport statementnot all MyCloud OS 3 devices are eligible for upgrade to MyCloud OS 5.

Old vulnerabilities

According to the researchers, who’veposted a videodetailing the vulnerability, they managed to update the firmware of a MyCloud OS 3-equipped device with a malicious backdoor through a low-privileged user that has a blank password.

The researchers claimed that WD never responded to their report of the vulnerability, though the company, in their response to Krebs, claims it was because of a miscommunication.

In a statement toComparitech last year, WD said that users who can’t update to MyCloud OS 5 should turn off remote dashboard access to the device, reportsThe Verge, hinting that the company never got around to fixing the issue.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Meanwhile, the researchers have released a fix for the vulnerability in MyCloud OS 3, and WD tells Krebs that it is aware of third parties offering security patches for the officially unsupported OS.

WD has had unfortunate run-ins with old vulnerabilities in unsupported devices, of late. Last week, adecade old unpatched vulnerabilityled to several users losing their data as theirMy BookNAS devices were factory reset in an ongoingmalwarecampaign.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

3 reasons why PIA fell in our best VPN rankings

‘That was never the plan’: Arcane creators dismiss claims that the hit Netflix show was going to run for five seasons