Bernard Van Gastel

**Name of the Vulnerable Software and Affected Versions** Western Digital SanDisk X600 devices (affected versions not specified) **Description** A vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices (affected versions not specified) **Description** The firmware update authentication method in the affected devices relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device. If this key is extracted, it could be used to install arbitrary firmware on other devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.