{"id":1107,"date":"2018-01-09T18:24:32","date_gmt":"2018-01-09T10:24:32","guid":{"rendered":"https:\/\/tongwing.woon.sg\/blog\/?p=1107"},"modified":"2018-01-09T18:25:21","modified_gmt":"2018-01-09T10:25:21","slug":"wdmycloud-multiple-vulnerabilities","status":"publish","type":"post","link":"https:\/\/tongwing.woon.sg\/blog\/wdmycloud-multiple-vulnerabilities\/","title":{"rendered":"WDMyCloud Multiple Vulnerabilities"},"content":{"rendered":"<p>Either terrible security practices or malicious intent. Some security research firm found serious backdoor in a range of Western Digital MyCloud devices aimed at personal home or office users.<\/p>\n<p><a href=\"http:\/\/gulftech.org\/advisories\/WDMyCloud%20Multiple%20Vulnerabilities\/125\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-medium wp-image-1109\" src=\"https:\/\/tongwing.woon.sg\/blog\/wp-content\/uploads\/2018\/01\/WDMyCloudNAS-580x358-300x185.jpg\" alt=\"\" width=\"300\" height=\"185\" srcset=\"https:\/\/tongwing.woon.sg\/blog\/wp-content\/uploads\/2018\/01\/WDMyCloudNAS-580x358-300x185.jpg 300w, https:\/\/tongwing.woon.sg\/blog\/wp-content\/uploads\/2018\/01\/WDMyCloudNAS-580x358.jpg 580w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<blockquote><p>Several serious security issues were uncovered during my research. Vulnerabilities such as pre auth remote root code execution, as well as a hardcoded backdoor admin account which can NOT be changed. The backdoor also allows for pre auth remote root code execution on the affected device.<\/p><\/blockquote>\n<p>&#8212; <a href=\"http:\/\/gulftech.org\/advisories\/WDMyCloud%20Multiple%20Vulnerabilities\/125\">WDMyCloud Multiple Vulnerabilities <\/a><\/p>\n<p>Related:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.theinquirer.net\/inquirer\/news\/3024001\/western-digital-mycloud-vulnerability-list-grows-even-longer\">WD&#8217;s MyCloud vulnerability list grows even longer<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Either terrible security practices or malicious intent. Some security research firm found serious backdoor in a range of Western Digital MyCloud devices aimed at personal home or office users. Several serious security issues were uncovered during my research. Vulnerabilities such as pre auth remote root code execution, as well as a hardcoded backdoor admin account [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,10],"tags":[],"_links":{"self":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1107"}],"collection":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/comments?post=1107"}],"version-history":[{"count":3,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1107\/revisions"}],"predecessor-version":[{"id":1111,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/posts\/1107\/revisions\/1111"}],"wp:attachment":[{"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/media?parent=1107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/categories?post=1107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tongwing.woon.sg\/blog\/wp-json\/wp\/v2\/tags?post=1107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}