Intrusion Prevention

Western.Digital.MyCloud.multi_uploadify.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit a File Upload Vulnerability in Western Digital MyCloud.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of the target application, via a crafted HTTP request.

Affected Products

Western Digital MyCloud
Western Digital My Cloud Gen 2
Western Digital My Cloud Mirror
Western Digital My Cloud PR2100
Western Digital My Cloud PR4100
Western Digital My Cloud EX2 Ultra
Western Digital My Cloud EX2
Western Digital My Cloud EX4
Western Digital My Cloud EX2100
Western Digital My Cloud EX4100
Western Digital My Cloud DL2100
Western Digital My Cloud DL4100

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://support.wdc.com/downloads.aspx?g=911&lang=en#firmware

CVE References

CVE-2017-17560