Cybersecurity consequences - Western Digital disables Cloud service access for vulnerable WD devices
Take action: Users are lazy, and a measurable security penalty is sometimes necessary - you are locked out of cloud data until you patch. Or you can be very lazy, access your data locally on the device and wait for it to be hacked
Learn More
Western Digital has taken steps to prevent any devices affected by a critical vulnerability, known as CVE-2022-36327, from accessing its cloud services since June 15.
This is a painful decision aimed at mitigating the risk of significant data breaches in which vulnerable devices will be used as vectors to attack the cloud stores.
The vulnerability impacts Western Digital's My Cloud Home, My Cloud Home Duo, My Cloud OS 5 devices, and SanDisk ibi.
Exploiting this flaw could allow unauthorized file writing in specific filesystem locations. In order to address this issue, Western Digital had already resolved the vulnerability, along with other medium-severity flaws, by releasing the My Cloud OS 5 firmware version 5.26.202 on May 15. Additionally, a server-side request forgery bug was fixed in the My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices through the firmware version 9.4.1-101 release on May 26.
