Now with a hardware product is really not worry ah .. Intel processors exposed serious security loopholes in succession, Western Digital 's famous My Cloud series of NAS network storage has been stabbed out of the back door, you can easily be used.
James Bercegay, a safety researcher at GulfTech Research and Development, reported the findings to Western Digital as early as June 12, 2017, but has not been repaired so far, so by industry practice details have been made public.
This backdoor exists in the hardware of the Western Digital My Cloud NAS and can not be changed and is rather 'low'. Simply enter the administrator account 'mydlinkBRionyg' and the password 'abc12345cba' to log in successfully and get full shell access. Into any instruction, do whatever they want.
The most horrible thing is, Malicious attackers can use this backdoor directly to access a malicious Web site without requiring any co-ordination by the user, or even initiate a local attack via a specially crafted HTML image and iframe markup even if the Web site is down.
Specific devices affected include: My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100.
Western Digital has not yet made any response to this, the best device users should be cautious to visit the network.
