WDC Tracking Number: WDC-22005
Published: March 24, 2022
Last Updated: March 24, 2022
Description
Netatalk is an open-source Apple Filing Protocol (AFP) file server that Western Digital products used to access network shares and perform Time Machine backups. Multiple critical vulnerabilities have been discovered in Netatalk. Because Netatalk is unmaintained, we have removed Netatalk from our firmware released on January 10, 2022. Users can continue to access local network shares and perform Time Machine backups via SMB. For additional information, please refer to this KBA.
To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
| Product Impact | Minimum Fix Version | Last Updated |
| --- | --- | --- |
| My Cloud PR2100 | 5.19.117 | January 10, 2022 |
| My Cloud PR4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX2 Ultra | 5.19.117 | January 10, 2022 |
| My Cloud Mirror Gen 2 | 5.19.117 | January 10, 2022 |
| My Cloud DL2100 | 5.19.117 | January 10, 2022 |
| My Cloud DL4100 | 5.19.117 | January 10, 2022 |
| My Cloud EX2100 | 5.19.117 | January 10, 2022 |
| My Cloud | 5.19.117 | January 10, 2022 |
| WD Cloud | 5.19.117 | January 10, 2022 |
| My Cloud Home | 7.16-220 | January 10, 2022 |
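For fleets with more than a handful of devices, the minimum fix versions above can be checked against an asset inventory. The following is an added example, not Western Digital code: the inventory rows and host names are constructed, and it assumes firmware strings order field by field when split on `.` and `-`.

```python
import re

# Minimum fixed firmware per product, copied from the advisory's table.
MIN_FIX = {name: "5.19.117" for name in (
    "My Cloud PR2100", "My Cloud PR4100", "My Cloud EX4100",
    "My Cloud EX2 Ultra", "My Cloud Mirror Gen 2", "My Cloud DL2100",
    "My Cloud DL4100", "My Cloud EX2100", "My Cloud", "WD Cloud")}
MIN_FIX["My Cloud Home"] = "7.16-220"
# Exact match on normalised names, so "My Cloud" never matches "My Cloud Home".
_BY_KEY = {" ".join(k.lower().split()): v for k, v in MIN_FIX.items()}

def parse_version(text):
    """Turn '5.19.117' or '7.16-220' into a tuple of ints for ordering."""
    fields = re.split(r"[.-]", text.strip())
    if not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(f) for f in fields)

def audit(inventory):
    """Return [(host, status)]; status is ok, needs-update, unknown-model or bad-version."""
    results = []
    for host, model, firmware in inventory:
        minimum = _BY_KEY.get(" ".join(model.lower().split()))
        if minimum is None:
            status = "unknown-model"      # product not listed in the advisory
        else:
            try:
                fixed = parse_version(firmware) >= parse_version(minimum)
                status = "ok" if fixed else "needs-update"
            except ValueError:
                status = "bad-version"    # fail closed: review by hand
        results.append((host, status))
    return results

# Constructed inventory rows (host, model, reported firmware); not real devices.
SAMPLE = [
    ("nas-01", "My Cloud PR4100", "5.18.117"),
    ("nas-02", "my cloud ex2 ultra", "5.19.117"),
    ("nas-03", "My Cloud Home", "7.15.1-101"),
    ("nas-04", "My Cloud Home", "7.16-220"),
    ("nas-05", "My Cloud", "5.21.104"),
    ("nas-06", "My Cloud EX2100", "unknown"),
    ("nas-07", "My Passport Wireless", "1.0"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Devices reported as `bad-version` or `unknown-model` are not treated as patched and need a manual check.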
Advisory Summary
A stack-based buffer overflow vulnerability was discovered within the ad_addcomment function that could lead to unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
An improper handling of exceptional conditions issue was found in the parse_entries function, which did not properly handle parsing AppleDouble entries. This vulnerability could allow a remote attacker to carry out unauthenticated remote command execution on affected versions of Netatalk.
Reported By: NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) working with Trend Micro’s Zero Day Initiative
A stack-based buffer overflow vulnerability was discovered within the setfilparams function that could lead to unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Orange Tsai (@orange_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative
An out-of-bounds read information disclosure vulnerability was discovered in the getdirparams method that could allow an attacker to disclose sensitive information or carry out unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
Reported By: Orange Tsai (@orange_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative
An out-of-bounds read information disclosure vulnerability was discovered in the get_finderinfo method that could allow an attacker to disclose sensitive information or carry out unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
A stack-based buffer overflow vulnerability was discovered within the copyapplfile function that could lead to unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.
Reported By: Theori (@theori_io) working with Trend Micro’s Zero Day Initiative
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.
Reported By: Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro’s Zero Day Initiative