WDC Tracking Number: WDC-22005
Published: March 24, 2022
Last Updated: March 24, 2022
Description
Netatalk is an open-source Apple File Protocol fileserver that was being used by Western Digital products to access network shares and perform Time Machine backups. Multiple critical vulnerabilities have been discovered in Netatalk. Because Netatalk is unmaintained, we have removed Netatalk from our firmware released on January 10, 2022. Users can continue to access local network shares and perform Time Machine backup via SMB. For additional information, please refer to this KBA.
To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
| Product Impact | Minimum Fix Version | Last Updated |
|---|---|---|
| My Cloud PR2100 | 5.19.117 | January 10, 2022 |
| My Cloud PR4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX2 Ultra | 5.19.117 | January 10, 2022 |
| My Cloud Mirror Gen 2 | 5.19.117 | January 10, 2022 |
| My Cloud DL2100 | 5.19.117 | January 10, 2022 |
| My Cloud DL4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX2100 | 5.19.117 | January 10, 2022 |
| My Cloud | 5.19.117 | January 10, 2022 |
| WD Cloud | 5.19.117 | January 10, 2022 |
| My Cloud Home | 7.16-220 | January 10, 2022 |
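A fleet check built from the table above, as an added example that is not Western Digital's code: it flags devices below the minimum fix version and reports whether anything still answers on the AFP port, which should be closed once Netatalk is removed. The inventory format, hostnames, sample versions and the function names are assumptions; TCP 548 is the standard AFP port.

```python
import re
import socket

# Minimum fix versions copied from the advisory's product table.
MIN_FIX = {m: "5.19.117" for m in (
    "My Cloud PR2100", "My Cloud PR4100", "My Cloud EX4100",
    "My Cloud EX2 Ultra", "My Cloud Mirror Gen 2", "My Cloud DL2100",
    "My Cloud DL4100", "My Cloud EX2100", "My Cloud", "WD Cloud")}
MIN_FIX["My Cloud Home"] = "7.16-220"
AFP_PORT = 548  # standard AFP-over-TCP port used by Netatalk's afpd

def parse_version(text):
    """Turn '5.19.117' or '7.16-220' into a tuple of ints for comparison."""
    parts = re.split(r"[.-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def firmware_status(model, firmware):
    minimum = MIN_FIX.get(model)
    if minimum is None:
        return "UNKNOWN_MODEL"  # not listed in the advisory table
    try:
        fixed = parse_version(firmware) >= parse_version(minimum)
    except ValueError:
        return "UNPARSEABLE"    # check this device by hand
    return "OK" if fixed else "UPDATE_REQUIRED"

def afp_listening(host, port=AFP_PORT, timeout=2.0):
    """True if something still accepts TCP connections on the AFP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, probe=afp_listening):
    """Return (host, firmware status, AFP still reachable) per device."""
    return [(host, firmware_status(model, fw), probe(host))
            for host, model, fw in inventory]

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [("nas-01.example", "My Cloud PR4100", "5.19.117"),
          ("nas-02.example", "My Cloud EX2 Ultra", "5.18.117"),
          ("nas-03.example", "My Cloud Home", "7.15.1-101"),
          ("nas-04.example", "My Cloud DL2100", "n/a")]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A device that reports a fixed firmware version but still answers on port 548 deserves a manual look, since the fixed firmware no longer ships Netatalk.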
Advisory Summary
A stack-based buffer overflow vulnerability was discovered within the ad_addcomment function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
An improper handling of exceptional conditions issue was found in the parse_entries function that did not properly handle parsing AppleDouble entries. This vulnerability could allow a remote attacker to carry out an unauthenticated remote command execution on affected versions of Netatalk.
Reported By: NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) working with Trend Micro’s Zero Day Initiative
A stack-based buffer overflow vulnerability was discovered within the setfilparams function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Orange Tsai (@orange_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative
An out-of-bounds read information disclosure vulnerability was discovered in the getdirparams method that could allow an attacker to disclose sensitive information or carry out an unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
Reported By: Orange Tsai (@orange_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative
An out-of-bounds read information disclosure vulnerability was discovered in the get_finderinfo method that could allow an attacker to disclose sensitive information or carry out an unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
A stack-based buffer overflow vulnerability was discovered within the copyapplfile function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.
Reported By: Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro’s Zero Day Initiative