- Joined
- Aug 20, 2006
- Messages
- 13,000
Security researcher James Bercegay has released his findings on a hard-coded backdoor in certain My Cloud products after Western Digital failed to address the vulnerability. Reportedly, anyone can log in with "mydlinkBRionyg" as the username and "abc12345cba" as the password. These credentials cannot be changed.
Affected models include My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100. A Metasploit module has also been publicly released, making is very easy for almost anyone to take advantage of Western Digital drives.
Affected models include My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100. A Metasploit module has also been publicly released, making is very easy for almost anyone to take advantage of Western Digital drives.