Description of vulnerabilities: WDMyCloud Multiple Vulnerabilities
- More details on unrestricted file upload vulnerability: https://www.exploitee.rs/index.php/Western_Digital_MyCloud#.2Fjquery.2Fuploader.2Fmulti_uploadify.php_.28added_08.2F06.2F2017.29
- Metasploit for file upload vulnerability: https://packetstormsecurity.com/files/145447/wd_mycloud_multiupload_upload.rb.txt
Both critical vulnerabilities (the hard-coded backdoor and the file upload vulnerability) have been corrected as of 2018-01-12 with the following firmwares:
My Cloud device | Firmware |
---|