Western Digital has just released an hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched in My Cloud NAS devices for over a year.

This vulnerability allowed anyone to bypass authentication and get administrative access to the router. Once an attacker gains access to a router, they can flash it with customer firmware, change DNS to point users to phishing sites, or perform other malicious activities.

After wide media coverage, Western Digital stated that they would be working on a fix for this vulnerability. Western Digital today posted to the BleepingComputer tweet about the unpatched vulnerability and has stated that a hotfix has been released.

For those using Western Digital My Cloud NAS devices, you can download the appropriate firmware update from the following list:

Firmware Download

Instructions on how to install the firmware update can be found in this security notice.

Related Articles:

Facebook States 30 Million People Affected by Last Month's "View As" Bug

Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover

WhatsApp Fixes Vulnerability That’s Triggered by Answering a Call.

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Adobe Releases October 2018 Security Updates. None for Flash Player!