WDMyCloud Multiple Vulnerabilities
James Bercegay (via Hacker News):
WD My Cloud is a personal cloud storage unit to organize your photos and videos. It is currently the best selling NAS (network attached storage) device listed on the amazon.com website, and is used by individuals and businesses alike. It’s purpose is to host your files, and it also has the ability to sync them with various cloud and web based services.
[…]
The WDMyCloud device is vulnerable to an unrestricted file upload vulnerability within the following file[…]
[…]
As you can see in the above code, the login functionality specifically looks for an admin user named “mydlinkBRionyg” and will accept the password of “abc12345cba” if found. This is a classic backdoor.
[…]
By sending a request like the one above a remote attacker could now execute any commands as root.
[…]
The triviality of exploiting this issues makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag make a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as “wdmycloud” and “wdmycloudmirror” etc.
