In Western Digital My Cloud OS 5 devices, a critical security vulnerability has been identified, which could allow attackers to remotely execute code through reverse shell methods.
The vulnerability is caused by a command that reads data from a privileged position without adequately cleaning it before creating a system command. The vulnerability affects several Western Digital solutions, including My Cloud PR2100, My Cloud PR4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror G2, My Cloud DL2100, My Cloud DL4100, My Cloud EX2100, My Cloud, and WD Cloud.
Western Digital has released update
The company has released firmware version 5.26.119 to address the vulnerability, and it is recommended that users apply the update as soon as possible to avoid potential targeted attacks.