WDC-20010 My Cloud OS 5 Firmware 5.07.118

My Cloud OS 5 Firmware 5.07.118

WDC Tracking Number: WDC-20010
Published: December 9, 2020

Last Updated: December 9, 2020

Description

My Cloud OS 5 was vulnerable to a NAS Admin authentication bypass vulnerability. My Cloud Firmware 5.07.118 contains updates to help resolve this vulnerability and improve the security of your My Cloud devices.

Product Impact

Minimum Fix Version

Last Updated

My Cloud PR2100

5.07.118

December 9, 2020

My Cloud PR4100

5.07.118

December 9, 2020

My Cloud EX2 Ultra

5.07.118

December 9, 2020

My Cloud EX4100

5.07.118

December 9, 2020

My Cloud Mirror Gen 2

5.07.118

December 9, 2020

For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/

Advisory Summary

Addressed a NAS Admin authentication bypass vulnerability that could allow an unauthenticated user to gain access to the device. The vulnerability was addressed by enforcing tighter whitelisting rules.

CVE Number: CVE-2020-29563
Reported by: DEVCORE working with Trend Micro’s Zero Day Initiative

Masked the password of the remote backup process when viewing running processes with the admin user.

Add up to 4 products

{{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Compare

Details & Exclusions

Details & Exclusions

Details & Exclusions

Details & Exclusions

Sign In

Sign In for Business

Resend Verification Email

Reset Password

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

My Cloud OS 5 Firmware 5.07.118

Description

Advisory Summary

News and updates straight to your inbox