December 22, 2024
PSA: Western Digital 'My Book Live' Drives Are Being Remotely Wiped

PSA: Western Digital 'My Book Live' Drives Are Being Remotely Wiped

Posted June 25, 2021 at 2:45pm by iClarified
Western Digital is advising customers disconnect their 'My Book Live' and 'My Book Live Duo' devices from the Internet after reports that users have had their drives compromised and remotely wiped.

Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.

Users are advised to disconnect the drives from the Internet by unplugging the Ethernet cable.


At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.

Western Digital is referencing CVE-2018-18472 in the attack. The vulnerability was discovered years ago but is apparently only now being exploited in the wild.

"Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,"

Please download the iClarified app or follow iClarified on Twitter, Facebook, YouTube, and RSS for updates.


Read More


PSA: Western Digital 'My Book Live' Drives Are Being Remotely Wiped
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (1)
You must login or register to add a comment...
qba
qba - June 29, 2021 at 12:33am
A local drive with access to cloud drive , hahahaha, good job to WD because they know that humans are so stupid.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS