Headline
CVE-2020-29563: WDC-20010 My Cloud OS 5 Firmware 5.07.118 | Western Digital
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device.
WDC Tracking Number: WDC-20010
Published: December 9, 2020
Last Updated: December 9, 2020
Description
My Cloud OS 5 was vulnerable to a NAS Admin authentication bypass vulnerability. My Cloud Firmware 5.07.118 contains updates to help resolve this vulnerability and improve the security of your My Cloud devices.
Product Impact
Minimum Fix Version
Last Updated
My Cloud PR2100
5.07.118
December 9, 2020
My Cloud PR4100
5.07.118
December 9, 2020
My Cloud EX2 Ultra
5.07.118
December 9, 2020
My Cloud EX4100
5.07.118
December 9, 2020
My Cloud Mirror Gen 2
5.07.118
December 9, 2020
For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/
Advisory Summary
Addressed a NAS Admin authentication bypass vulnerability that could allow an unauthenticated user to gain access to the device. The vulnerability was addressed by enforcing tighter whitelisting rules.
CVE Number: CVE-2020-29563
Reported by: DEVCORE working with Trend Micro’s Zero Day Initiative
Masked the password of the remote backup process when viewing running processes with the admin user.