- Western Digital has already fixed one severe bug with update
- Exploitee.rs says it released bugs early due to WD’s industry reputation
- Hackers can potentially upload files without user permission
If you are a proud owner of a WD My Cloud NAS device, it’s time to pay attention. The company’s My Cloud NAS devices have been found vulnerable to remote hacking via the Internet and can potentially allow hackers to get access to your account and even upload files without permission.
Although the login bypass bug has been fixed by the company with a software update, Exploitee.rs claims the fix introduced another bug. This, along with other security flaws have been published by the Exploitee.rs team even before they have been patched supposedly to force Western Digital into taking action.
Exploitee.rs says that usually the team works with the vendors to ensure that the fixes are released properly for the flaws, however, Western Digital’s “reputation within the community” made the team publish the flaws to public right away. The team says that as WD has developed a reputation for ignoring the severity of the bugs reported to it, they are trying to “alert the community of the flaws” so that users can limit access of their WD My Cloud devices to the Internet as much as possible.