Bnbdrwd

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 versions prior to 2.31.183 **Description** The issue allows for code execution as root, starting from a low-privilege user session. This occurs due to the `cgi-bin/webfile mgr.cgi` file permitting arbitrary file write by exploiting symlinks. The vulnerability can be triggered by uploading a tar archive containing a symbolic link, followed by uploading another archive that writes a file to the link using the `cgi untar` command. The `name` parameter passed to the `cgi unzip` command is not sanitized, leading to code execution. **Recommendations** For Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 versions prior to 2.31.183, update to firmware version 2.31.183 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cgi-bin/webfile mgr.cgi` file and the `cgi untar` command to minimize the risk of exploitation. Avoid using the `name` parameter in the `cgi unzip` command until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 versions prior to 2.31.174 **Description** The issue allows for an authentication bypass. It is related to the login mgr.cgi file, which checks credentials against /etc/shadow. However, the `nobody` account has a default empty password. This allows an attacker to access the control panel API as a low-privilege logged-in user, modify the My Cloud EX2 Ultra web page source code, and obtain access to the My Cloud as a non-Admin My Cloud device user. **Recommendations** For versions prior to 2.31.174, update the firmware to version 2.31.174 or later to resolve the issue. As a temporary workaround, consider changing the default empty password of the `nobody` account to prevent unauthorized access. Restrict access to the control panel API to minimize the risk of exploitation. Avoid using the default `nobody` account for accessing the control panel API until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware versions prior to 2.31.174 **Description** The issue allows for an unauthenticated file upload, enabling the upload of arbitrary files to any location on the attached storage. This is possible through access to the "web/jquery/uploader/uploadify.php" page without requiring any credentials. **Recommendations** For Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware versions prior to 2.31.174, update the firmware to version 2.31.174 or later to resolve the issue. As a temporary workaround, consider restricting access to the "web/jquery/uploader/uploadify.php" page to prevent unauthenticated file uploads.