WD My Clown OS (Severity 9.8/10)
Western Digital My Cloud OS update fixes critical vulnerability
The vulnerability, which has a CVSS v3 severity score of 9.8, allows remote attackers to execute arbitrary code on the target device, in this case, WD PR4100 NAS, without requiring authentication.
Western Digital customers urged to update to latest version of My Cloud OS
Western Digital has pushed a new firmware update for its My Cloud OS, fixing a high- severity vulnerability that was discovered during a recent hacking contest.
As reported by BleepingComputer, cybersecurity experts from the NCC Group exploited a flaw in Netatalk Service, an open-source implementation of the Apple Filing Protocol (AFP) that allows for Unix-like operating systems to serve as file servers for macOS clients.
The flaw, now tracked as CVE-2022-23121, carries a severity score of 9.8/10, as it allows threat actors to run any code on the target endpoint, without authentication.
WD My Cloud Users Should Update to Avoid a Dangerous Vulnerability – Review Geek [Ed: My Cloud? My clown? Whose clown? Everyone gets access...]
Western Digital just rolled out a My Cloud OS update that resolves a dangerous remote access vulnerability. All My Cloud users should install the firmware update (version 5.19.117) to defend themselves from remote hacking attempts.
