Storage data company, Western Digital has fixed a critical severity flaw impacting My Cloud OS 5 devices.
The flaw tracked as CCE-2021-44142 can be exploited by unauthenticated threat actors to gain remote code execution with root privileges.
Western Digital was able to fix the flaw by removing the “fruit” VFS module from the list of configured VFS objects. The company also changed the EA support configuration in My Cloud OS 5 Firmware 5.21.104.
Vulnerable devices exposed to CVE-2021-44142 attacks include My Cloud PR2100, My Cloud PR 4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Cloud DL2100, My Cloud DL4100, My Cloud EX2100, My Cloud, and WD Cloud.
The hard disk drive manufacturer advised customers to update their devices to the latest firmware. To do this, they are advised to click the update alert as soon as possible.
Western Digital also fixed a critical vulnerability in the open-source Netatalk Apple File Protocol fileserver. The fileserver is used to access network shares and carry out Time Machine backups.