A major security flaw has been found in Western Digital’s My Cloud devices, which could let hackers take control of your system. The issue is a bug in the Dynamic DNS (Domain Name System) client that, if left unchecked, could allow attackers to run harmful code on your device.
This vulnerability, officially labeled CVE-2024-22170, has a severity score of 9.2 out of 10, which means it poses a serious risk.
How Hackers Can Exploit This Flaw
The problem lies in the Dynamic DNS client, which is used to update your device’s IP address. If an attacker can intercept these updates using a Man-in-the-Middle (MitM) attack, they can send harmful code that triggers a buffer overflow. This would allow them to run any code they want on your device without your permission.
The vulnerability affects many popular My Cloud models, including:
- My Cloud EX2 Ultra
- My Cloud EX4100
- My Cloud PR2100
- My Cloud PR4100
- My Cloud
- My Cloud Mirror G2
- My Cloud EX2100
- My Cloud DL2100
- My Cloud DL4100
- WD Cloud
What You Should Do
If you have one of the affected devices, it’s crucial that you update your firmware to version 5.29.102 as soon as possible. Western Digital has already released this update to fix the problem and improve security.
To stay safe, follow these steps:
- Update your firmware: Make sure your device is running My Cloud OS 5 Firmware version 5.29.102.
- Monitor your network: Keep an eye on your system logs and check for unusual activity.
- Consider network segmentation: This means separating your device from other parts of your network to limit access in case of an attack.
Western Digital has acknowledged the researchers from Claroty’s Team82 and Trend Micro’s Zero Day Initiative for finding and reporting this issue responsibly.
The Dangers of Ignoring This Flaw
If this vulnerability is exploited, the consequences can be serious. Hackers could gain unauthorized access to your private data, tamper with your files, or even crash your system entirely. That’s why it’s important to act quickly and take the necessary precautions.
Affected Devices and Recommended Action
Here’s a quick rundown of the devices affected and the action required:
- My Cloud EX2 Ultra: Update to firmware version 5.29.102
- My Cloud EX4100: Update to firmware version 5.29.102
- My Cloud PR2100: Update to firmware version 5.29.102
- My Cloud PR4100: Update to firmware version 5.29.102
- My Cloud: Update to firmware version 5.29.102
- My Cloud Mirror G2: Update to firmware version 5.29.102
- My Cloud EX2100: Update to firmware version 5.29.102
- My Cloud DL2100: Update to firmware version 5.29.102
- My Cloud DL4100: Update to firmware version 5.29.102
- WD Cloud: Update to firmware version 5.29.102
By taking these steps, you can protect your data and prevent any unwanted attacks on your system.