<h1>WDMyCloud Multiple Vulnerabilities</h1>
<p>Posted 2018-01-17 (modified 2021-07-06) at <a href="https://mjtsai.com/blog/2018/01/17/wdmycloud-multiple-vulnerabilities/">mjtsai.com</a>. Category: technology. Tags: bug, cloud, exploit, php, security, storage.</p>
<p><a href="http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125">James Bercegay</a> (via <a href="https://news.ycombinator.com/item?id=16083337">Hacker News</a>):</p>
<blockquote cite="http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125">
<p>WD My Cloud is a personal cloud storage unit to organize your photos and videos. It is currently the best-selling NAS (network attached storage) device listed on the amazon.com website, and is used by individuals and businesses alike. Its purpose is to host your files, and it also has the ability to sync them with various cloud and web-based services.</p>
<p>[…]</p>
<p>The WDMyCloud device is vulnerable to an unrestricted file upload vulnerability within the following file[…]</p>
<p>[…]</p>
<p>As you can see in the above code, the login functionality specifically looks for an admin user named “mydlinkBRionyg” and will accept the password of “abc12345cba” if found. This is a classic backdoor.</p>
<p>[…]</p>
<p>By sending a request like the one above a remote attacker could now execute any commands as root.</p>
<p>[…]</p>
<p>The triviality of exploiting these issues makes it very dangerous, and even wormable. Not only that, but users locked to a LAN are not safe either. An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag makes a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as “wdmycloud” and “wdmycloudmirror” etc.</p>
</blockquote>