• WD patches NAS security flaw which could have allowed full takeov

    From TechnologyDaily@1337:1/100 to All on Wed Oct 1 15:30:08 2025
    WD patches NAS security flaw which could have allowed full takeover

    Date:
    Wed, 01 Oct 2025 14:13:00 +0000

    Description:
    Multiple versions are affected, and there don't appear to be any workarounds.

    FULL STORY
    ======================================================================
    Western Digital patches critical RCE flaw CVE-2025-30247 in multiple My Cloud NAS models
    Vulnerability exploited via crafted HTTP POST requests targeting the My Cloud user interface
    End-of-life models won't receive updates; users urged to patch or migrate to newer devices

    Data storage giant Western Digital just fixed a critical-severity vulnerability that was discovered in multiple My Cloud NAS models.

    In a security advisory, the company said it was tipped off about an OS command injection flaw in the My Cloud user interface that could be abused through specially crafted HTTP POST requests sent to vulnerable devices.

    The attack would grant threat actors remote code execution (RCE) capabilities. It is tracked as CVE-2025-30247 and was given a severity score of 9.3/10 (critical). Here is a full list of the affected models:

    My Cloud PR2100
    My Cloud PR4100
    My Cloud EX4100
    My Cloud EX2 Ultra
    My Cloud Mirror Gen 2
    My Cloud DL2100
    My Cloud EX2100
    My Cloud DL4100
    My Cloud WDBCTLxxxxxx-10 End of life

    My Cloud DL4100 and My Cloud DL2100 are two models that have reached their end-of-life status, and as such will not be getting an update.

    Users are advised to migrate to a newer model, and then apply the firmware patch to bring the device to version 5.31.108.

    Default settings allow for automatic patch management, but Western Digital still urges users to double-check the version they are running.

    Alternatively, they can take the device offline until they install the patch, but in that case, cloud service features will not be available.

    The devices make up a line of personal cloud storage solutions, used mostly for backing up multimedia and documents, streaming them to smart TVs and mobile devices, or sharing them with other people.

    My Cloud is primarily designed for personal use but there are some models (mostly those in the EX and PR series) that come with RAID support, multiple drive bays, and enhanced user management, which also makes them somewhat suitable for small offices or prosumer environments.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wd-patches-nas-security-flaw-which-could-have-allowed-full-takeover


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)