Intrusion Prevention

Western.Digital.MyCloud.Multiple.Remote.Command.Execution

Description

This indicates an attack attempt against a remote Code Execution vulnerability in MyCloud Devices.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

Affected Products

My Cloud
My Cloud Gen 2
My Cloud Mirror
My Cloud PR2100
My Cloud PR4100
My Cloud EX2 Ultra
My Cloud EX2
My Cloud EX4
My Cloud EX2100
My Cloud EX4100
My Cloud DL2100
My Cloud DL4100

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://support.wdc.com/downloads.aspx?g=911&lang=en#firmware