Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability in Western Digital’s My Cloud devices has been identified. An unchecked buffer in the Dynamic DNS client allows attackers to execute arbitrary code.
This vulnerability, designated as CVE-2024-22170, carries a CVSS score of 9.2, indicating a high-severity threat.
The flaw resides in the Dynamic DNS client and can be exploited through a Man-in-the-Middle (MitM) attack.
The vulnerability affects a range of My Cloud devices, including the My Cloud EX2 Ultra, My Cloud EX4100, My Cloud PR2100, My Cloud PR4100, My Cloud, My Cloud Mirror G2, My Cloud EX2100, My Cloud DL2100, My Cloud DL4100, and WD Cloud.
Users are strongly urged to update their devices to My Cloud OS 5 Firmware version 5.29.102 to protect against potential exploitation.
Western Digital has addressed the vulnerability in the latest firmware update, which includes improvements to enhance the security of My Cloud OS 5 devices.
The company has thanked Claroty Research—Team82—Noam Moshe, working with Trend Micro Zero Day Initiative, for responsibly disclosing this vulnerability.
The potential impacts of this vulnerability are severe, including unauthorized access to sensitive information, modification or corruption of data, and system crashes or unavailability.
Given the critical nature of this vulnerability, users are advised to update their devices immediately and consider additional security measures such as network segmentation and regular system log monitoring.
Affected Devices and Recommended Actions:
Users are encouraged to take immediate action to protect their devices and data from potential exploitation.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code
Author: Guru BaranA critical vulnerability in Western Digital’s My Cloud devices has been identified. An unchecked buffer in the Dynamic DNS client allows attackers to execute arbitrary code.
This vulnerability, designated as CVE-2024-22170, carries a CVSS score of 9.2, indicating a high-severity threat.
The flaw resides in the Dynamic DNS client and can be exploited through a Man-in-the-Middle (MitM) attack.
The vulnerability affects a range of My Cloud devices, including the My Cloud EX2 Ultra, My Cloud EX4100, My Cloud PR2100, My Cloud PR4100, My Cloud, My Cloud Mirror G2, My Cloud EX2100, My Cloud DL2100, My Cloud DL4100, and WD Cloud.
Users are strongly urged to update their devices to My Cloud OS 5 Firmware version 5.29.102 to protect against potential exploitation.
Western Digital has addressed the vulnerability in the latest firmware update, which includes improvements to enhance the security of My Cloud OS 5 devices.
The company has thanked Claroty Research—Team82—Noam Moshe, working with Trend Micro Zero Day Initiative, for responsibly disclosing this vulnerability.
The potential impacts of this vulnerability are severe, including unauthorized access to sensitive information, modification or corruption of data, and system crashes or unavailability.
Given the critical nature of this vulnerability, users are advised to update their devices immediately and consider additional security measures such as network segmentation and regular system log monitoring.
Affected Devices and Recommended Actions:
- My Cloud EX2 Ultra : Update to firmware version 5.29.102
- My Cloud EX4100 : Update to firmware version 5.29.102
- My Cloud PR2100 : Update to firmware version 5.29.102
- My Cloud PR4100 : Update to firmware version 5.29.102
- My Cloud : Update to firmware version 5.29.102
- My Cloud Mirror G2 : Update to firmware version 5.29.102
- My Cloud EX2100 : Update to firmware version 5.29.102
- My Cloud DL2100 : Update to firmware version 5.29.102
- My Cloud DL4100 : Update to firmware version 5.29.102
- WD Cloud : Update to firmware version 5.29.102
Users are encouraged to take immediate action to protect their devices and data from potential exploitation.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
