PT-2021-7664 · Western Digital · Western Digital My Cloud
Pedro Ribeiro
+1
·
Published
2021-07-02
·
Updated
2023-02-14
·
CVE-2021-36226
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud devices before OS5
Description
The issue is related to incorrect cryptographic signature verification in the Western Digital MyCloud PR4100 firmware. This could allow a remote attacker to execute arbitrary code. The problem arises because Western Digital My Cloud devices before OS5 do not use cryptographically signed firmware upgrade files.
Recommendations
For Western Digital My Cloud devices before OS5, consider updating to OS5 or later to address the issue of unsigned firmware upgrade files, as this update likely includes cryptographically signed firmware upgrades.
At the moment, there is no information about additional mitigation measures for this specific issue.
Exploit
Fix
Improper Verification of Cryptographic Signature
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Western Digital My Cloud