PT-2021-3503 · Western Digital · Wd My Book Live, Wd My Book Live Duo
Published: 2021-06-29 · Updated: 2022-07-12
CVE-2021-35941
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
Western Digital WD My Book Live versions 2.x and later
Western Digital WD My Book Live Duo (all versions)
Description
The vulnerability stems from deficiencies in the authentication procedure of Western Digital's WD My Book Live and WD My Book Live Duo disk storage software: an administrator API can perform a system factory restore without requiring authentication. A remote attacker can exploit this to cause a denial of service. The issue has been exploited in the wild, with a notable incident occurring in June 2021.
Recommendations
For Western Digital WD My Book Live versions 2.x and later, consider restricting access to the administrator API to minimize the risk of exploitation.
For Western Digital WD My Book Live Duo (all versions), restrict access to the administrator API to prevent unauthorized system factory restores.
As a temporary workaround, consider disabling the factory restore functionality through the administrator API until a patch is available.
Exploit
Fix
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Wd My Book Live
Wd My Book Live Duo