CVE-2018-17153 Scanner

The Western Digital MyCloud NAS is a popular network-attached storage device used for storing and sharing files amongst multiple devices within a network. It is designed for personal or small business use, with features such as data backup, media streaming, and remote access. 

However, the MyCloud device before version 2.30.196 was discovered to have an authentication bypass vulnerability, identified as CVE-2018-17153. This vulnerability allows a remote, unauthenticated attacker to gain complete access to the device, with the capability to authenticate as an admin user without providing a password. 

When exploited, this vulnerability can lead to a multitude of disastrous outcomes for the device owner. An attacker could potentially steal, modify, or delete sensitive files on the device, or even launch further attacks on other devices within the same network. Additionally, an attacker could use the device as a staging ground for conducting botnet attacks, resulting in significant security and performance issues. 

At SecurityForEveryone.com, our pro features allow users to quickly and easily scan their digital assets for known vulnerabilities. By utilizing our platform, users can stay informed and proactively protect their devices against critical weaknesses, such as the CVE-2018-17153 vulnerability affecting the MyCloud NAS. Stay ahead of potential threats and sign up for our pro account today.

REFERENCES

• securityfocus.com: 105359 
• https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html 
• https://support.wdc.com/knowledgebase/answer.aspx?ID=25952 
• http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html