Unplug your Western Digital MyBook immediately!

If you have a Western Digital MyBook storage drive in your environment, go disconnect it from the network right now. While you’re at it, you’d better check whether your data is still there.
Reports began surfacing in the Western Digital support forums on June 23 that users were realizing that all of the data had been remotely wiped from their My Book devices. The directory structures were still there, but the files were gone.
Closer inspection revealed that the devices had been rebooted and then executed a factory reset. Somehow these actions have been triggered remotely, even on devices behind a firewall on a LAN.
Western Digital is aware of the problem but for now the only thing they’ve offered in terms of mitigation is advising all users to disconnect their devices from the network.
Update: as I was finishing up this edition, it turns out that this issue is a result of CVE-2018-18472, which seems to mean this was known as far back as 2018. It describes a Remote Command Execution bug via shell that can be executed by anybody who knows the remote IP of the device.
Credit: ZoneEdit CEO Mark Jeffovic – Weekly Axis Of Easy #202
