Hardcoded Backdoor Found In WD My Cloud NAS With Username “MyDlink”


In yet another revelation of severe loopholes, a security researcher James Bercegay from Gulftech has discovered a backdoor in some models of the My Cloud NAS (Network-attached storage) drive family, manufactured by Western Digital.

Advertisement

According to the blog post, the vulnerabilities, which include a hardcoded backdoor, can be used to access files even on a password-protected My Cloud NAS drive and also perform remote code execution. The researcher spotted an unalterable admin account having the username “mydlinkBRionyg” and password ” abc12345cba” that can be used to access an affected NAS drive anytime.

The presence of “mydlink” in the username was enough to spark concerns, and after some investigation, the researcher realized that in the past it shared code with D-Link Share Center.

“It is interesting to think about how before D-Link updated their software two of the most popular NAS device families in the world, sold by two of the most popular tech companies in the world were both vulnerable at the same time, to the same backdoor for a while.”

According to the researcher, D-Link has already closed the backdoor years ago in 2014. WD issued firmware updates in November (firmware 2.30.172) last year after being notified about the backdoor six months earlier. The researcher had to wait till January as a part of the non-disclosure.

The list of affected devices include:


  • MyCloud
  • MyCloudMirror
  • My Cloud Gen 2
  • My Cloud PR2100
  • My Cloud PR4100
  • My Cloud EX2 Ultra
  • My Cloud EX2
  • My Cloud EX4
  • My Cloud EX2100
  • My Cloud EX4100
  • My Cloud DL2100
  • My Cloud DL4100

Bercegay calls the exploitation of the vulnerabilities trivial which make them dangerous and even wormable. “An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag makes a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as “wdmycloud” and “wdmycloudmirror” etc.”


You can read more on the researcher’s blog post.

Also Read: WPA3 Released To Fill KRACKs Of The Wi-Fi WPA2 Protocol

How to Install:

1.) Download PPSSPP.apk 2.) Then download PSP(PPSSPP) rom. 3.) Run PPSSPP app and select your Tekken 6 rom. 4.) Play and enjoy the game.

FINAL WORDS

: At the present, more than 1600 free PSP, PPSSPP games are loaded on the Website and it has still been in process of building, finishing the contents, so I hope that most of free PSP, PPSSPP games could be updated as soon as possible. Introducing it to people by sharing its link for your friends, family members who own PSP, PPSSPP through out Facebook, and other website. Subscribe now!

Subscribe to Our Newsletter via Email

Enter your email address to subscribe to this blog and receive notification updates on latest Android and iOS PPSSPP Games releases and Download links directly in your inbox by email.

Join 8,329 other subscribers

Leave a Reply