Western Digital has just released an hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched in My Cloud NAS devices for over a year.

This vulnerability allowed anyone to bypass authentication and get administrative access to the router. Once an attacker gains access to a router, they can flash it with customer firmware, change DNS to point users to phishing sites, or perform other malicious activities.

After wide media coverage, Western Digital stated that they would be working on a fix for this vulnerability. Western Digital today posted to the BleepingComputer tweet about the unpatched vulnerability and has stated that a hotfix has been released.

For those using Western Digital My Cloud NAS devices, you can download the appropriate firmware update from the following list:

Firmware Download

Instructions on how to install the firmware update can be found in this security notice.

Related Articles:

WordPress Security Patch Addresses Privacy Leak Bug

Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Adobe Flash Player Update Released for Remote Code Execution Vulnerability

UK's NCSC Explains How They Handle Discovered Vulnerabilities