Recently, Western Digital encountered a Zero-day vulnerability that has been identified as CVE-2021-35941. However, it is not the first when the hacker is targeting the Western Digital My Book Live NAS.
The researchers of Western Digital asserted that in addition to the previous vulnerability identified as CVE-2018-1847, the attackers came up with another vulnerability that generally enabled the hackers to carry out the mass-factory resets of devices leads to a huge amount of data loss.
After this attack, many customers of WD’s My Book Live had discovered a deletion of files and backups, along with the network storage appliance factory reset.
Initially, on 26 June nearly at 8 pm after a proper investigation, WD’s My Book Live researchers affirmed that there may be multiple simultaneous attackers.
Apart from this Censys also added the update regarding the discussed authentication code is in system_factory_restore.
They had also added updates to nearly all the findings from the My Book Live firmware, there was also an update about the threat actors control by password protecting the RCE.
After confirming the attack, the researcher of WD’s My Book Live added data on the discovery of the payload and soon it has been sent to My Book Live devices. Moreover, the experts also added a proper examination of the payload code and endpoint that they have found.
According to the investigation, the experts opined that this vulnerability enabled via remote administration consoles, and it most probably needed an admin to authenticate themselves to the device.
However, it is not very difficult for the threat actors to execute this attack, because if the attackers could determine the correct parameters to the endpoint, they can easily execute a mass trigger of factory resets on the affected devices.
The threat actors have been performing some malicious activity before executing this Zero-day vulnerability. According to the report, the hackers have used the old vulnerability that took place in 2018 CVE-2018-18472 to publicly expose the WD’s My Book Live, and later they can add them to the botnet.
The main motive of the threat actors for executing this vulnerability is that it will execute a command on the NAS device that will eventually download a script from a remote site and implement it accordingly.
Apart from all these, the hackers who have exploited CVE-2018-18472 used the implemented code execution chance to modify the file named language_configuration.php on the My Book Live stack where the vulnerability endure.
The experts are yet trying to reach out to all the details regarding the vulnerability, and they declared that this attack has been carried out by different cybercriminal groups.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of…
Researchers have identified a new form of cyberattack termed "LLMjacking," which exploits stolen cloud credentials to hijack cloud-hosted large language…
In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for…
The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and…
Dell Technologies recently disclosed a data breach involving a company portal that contained limited customer information related to purchases. The…
Several Stack Overflow users have begun deleting their contributions from the platform, a move that has sparked widespread debate within…