Western Digital Fixes Critical Flaw Impacting My Cloud NAS Devices

Storage data company, Western Digital has fixed a critical severity flaw impacting My Cloud OS 5 devices.

The flaw tracked as CCE-2021-44142 can be exploited by unauthenticated threat actors to gain remote code execution with root privileges.

Western Digital was able to fix the flaw by removing the “fruit” VFS module from the list of configured VFS objects. The company also changed the EA support configuration in My Cloud OS 5 Firmware 5.21.104.

Vulnerable devices exposed to CVE-2021-44142 attacks include My Cloud PR2100, My Cloud PR 4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Cloud DL2100, My Cloud DL4100, My Cloud EX2100, My Cloud, and WD Cloud.

The hard disk drive manufacturer advised customers to update their devices to the latest firmware. To do this, they are advised to click the update alert as soon as possible.

Western Digital also fixed a critical vulnerability in the open-source Netatalk Apple File Protocol fileserver. The fileserver is used to access network shares and carry out Time Machine backups.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web