Flutterby™! : WD MyCloud backdoor

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

WD MyCloud backdoor

2018-01-08 19:44:21.511173+01 by Dan Lyke 0 comments

Western Digital My Cloud drives have a built-in backdoor.

More troubling is the existence of a hard coded backdoor with credentials that cannot be changed. Logging in to Western Digital My Cloud services can be done by anybody using "mydlinkBRionyg" as the administrator username and "abc12345cba" as the password. Once logged in, shell access is readily available followed with plenty of opportunity for injection of commands.

People are reporting that this did get fixed more recently, although nobody's sure if it got "fixed" by changing credentials, or by being removed. Speculation is that it's left over from a DLink product.

Vulnerabilities at http://gulftech.org/advisories...20Multiple%20Vulnerabilities/125

[ related topics: Interactive Drama Current Events ]

comments in ascending chronological order (reverse):