Vulnerabilities that could allow unauthorized file deletion, unauthorized command execution and authentication bypass impacted WD (Western Digital) MyCloud devices, Trustwave reports.
The vulnerabilities were discovered in the MyCloud personal storage device and were reported to Western Digital last year. The company has already released a firmware update to address them.
All of the issue were found by Trustwave security researcher Martin Rakhmanov in the nas_sharing.cgi binary.
The first of them was the inclusion of hardcoded credentials in the binary, which could allow anyone to authenticate to the device.