Western Digital's network attached storage solutions have a newly found vulnerability that allows unrestricted root access.
James Bercegay disclosed the vulnerability to Western Digital in mid-2017. After six months passed, the full details and a proof-of-concept exploit were published. No fix has been issued to date.
More troubling is the existence of a hard-coded backdoor with credentials that cannot be changed. Anybody can log in to Western Digital My Cloud services using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available, followed by plenty of opportunity for command injection.
Owners of Western Digital NAS drives are not safe on local area networks, either. Specially crafted HTML image and iframe tags can be used on websites to make requests to devices on a local network using predictable host names. No user interaction is required other than visiting a malicious webpage.
Affected models include My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100. A Metasploit module has also been publicly released, making it very easy for almost anyone to take advantage of Western Digital drives.
It is advised to disconnect any affected drives from your local area network and block them from having Internet access until a patch can be issued.
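For owners who want to check whether a device has already been probed, the following added example (not code from the researcher or from Western Digital) scans web access logs for the hard-coded username, including percent-encoded forms, and for requests that arrived with a Referer from another site, as in the image/iframe scenario above. The combined log format, the `NAS_HOSTS` values and the request path `/cgi-bin/example.cgi` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

BACKDOOR_USER = "mydlinkBRionyg"  # hard-coded username quoted in the article
# Assumption: the names/addresses your own NAS answers to (placeholders here).
NAS_HOSTS = {"nas.example.lan", "192.0.2.10"}

# Apache/nginx "combined" format: ip - user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def fully_unquote(text, rounds=3):
    """Undo nested percent-encoding so %6d... or %256d... cannot hide the name."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def flag(line):
    """Return the reasons a log line deserves a look (empty set means none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return {"unparsed"}
    reasons = set()
    if BACKDOOR_USER.lower() in fully_unquote(m["request"]).lower():
        reasons.add("backdoor-username")
    # A request that arrived with a Referer from some other site was triggered
    # by a page the user was visiting, as in the image/iframe scenario.
    referer_host = urlsplit(m["referer"]).hostname
    if referer_host and referer_host not in NAS_HOSTS:
        reasons.add("cross-site-referer")
    return reasons

def scan(lines):
    """Return (line index, sorted reasons) for every flagged line."""
    return [(i, sorted(r)) for i, l in enumerate(lines) if (r := flag(l))]

# Constructed sample lines; /cgi-bin/example.cgi is a hypothetical path.
T = "[10/Jan/2018:10:00:01 +0000]"
SAMPLE_LOG = [
    f'192.0.2.55 - - {T} "GET /index.html HTTP/1.1" 200 512 "http://nas.example.lan/" "Mozilla/5.0"',
    f'192.0.2.77 - - {T} "GET /cgi-bin/example.cgi?user=mydlinkBRionyg HTTP/1.1" 200 40 "-" "curl/7.58"',
    f'192.0.2.55 - - {T} "GET /cgi-bin/example.cgi?user=%6dydlinkBRionyg HTTP/1.1" 200 40 "http://blog.example.net/p" "Mozilla/5.0"',
    f'192.0.2.77 - - {T} "GET /cgi-bin/example.cgi?user=%256dydlinkBRionyg HTTP/1.1" 200 40 "-" "curl/7.58"',
]
```

Call `scan(SAMPLE_LOG)` or pass the lines of a real log file. Credentials sent in a POST body do not appear in an access log, and a page's referrer policy can suppress the Referer header, so a clean result is not proof that nothing happened.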