CVE-2020-27160

9.8 CRITICAL

📋 TL;DR

This is a critical remote code execution vulnerability in Western Digital My Cloud NAS devices that allows attackers to execute arbitrary code with elevated privileges. It affects devices running firmware versions prior to 5.04.114, potentially compromising thousands of internet-facing storage devices.

💻 Affected Systems

Products:
  • Western Digital My Cloud NAS devices
Versions: All firmware versions prior to 5.04.114
Operating Systems: Western Digital My Cloud OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the AvailableApps.php component specifically. All default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device takeover, data theft/encryption, lateral movement to internal networks, and persistent backdoor installation.

🟠 Likely Case: Unauthorized access to stored files, ransomware deployment, and device compromise for botnet participation.

🟢 If Mitigated: Limited impact if device is isolated behind firewall with no internet exposure and strong network segmentation.

🌐 Internet-Facing: HIGH - These NAS devices are commonly exposed to the internet for remote access, making them prime targets.
🏢 Internal Only: MEDIUM - Still significant risk if attacker gains internal network access through phishing or other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-22 indicates improper path handling, suggesting directory traversal or similar issues. Public details suggest relatively straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.04.114

Vendor Advisory: https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114

Restart Required: Yes

Instructions:

1. Log into My Cloud web interface.
2. Navigate to Settings > Firmware.
3. Check for updates.
4. Install firmware version 5.04.114 or later.
5. Reboot device after installation.

🔧 Temporary Workarounds

  • Network Isolation (applies to all): Block internet access to the NAS device and restrict it to the internal network only.
  • Disable Remote Access (applies to all): Turn off remote access features in My Cloud settings.

🧯 If You Can't Patch

  • Immediately disconnect device from internet and place behind strict firewall rules
  • Implement network segmentation to isolate NAS from critical systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version in My Cloud web interface under Settings > Firmware. If version is below 5.04.114, device is vulnerable.

Check Version:

Not applicable - check via web interface only

Verify Fix Applied:

Confirm firmware version shows 5.04.114 or higher in Settings > Firmware after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to AvailableApps.php
  • Unexpected process execution
  • Failed authentication attempts followed by successful access

Network Indicators:

  • Unusual outbound connections from NAS device
  • Traffic to/from unexpected ports
  • Suspicious HTTP requests to AvailableApps.php

SIEM Query:

source="mycloud" AND (uri="*AvailableApps.php*" OR process="unexpected_executable")
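
The log indicator above can also be checked offline against exported web-server logs. The following is an added example, not vendor or original-page code: it assumes combined-format access logs, uses constructed sample lines with a placeholder path, and ranks hits HIGH for external sources and MEDIUM for internal ones, mirroring the exposure ratings above.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample lines (assumed combined log format). "/placeholder/" is
# not the device's real path; only the file name comes from the advisory.
SAMPLE_LOG = '''\
192.168.1.20 - - [10/Nov/2020:08:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.45 - - [10/Nov/2020:08:15:11 +0000] "POST /placeholder/AvailableApps.php HTTP/1.1" 200 87
192.168.1.33 - - [10/Nov/2020:08:16:40 +0000] "GET /placeholder/availableapps%2Ephp HTTP/1.1" 200 87
truncated or malformed line
'''

# Assumption: these ranges are "internal"; adjust to the local addressing plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})')
TARGET = "availableapps.php"


def is_external(src):
    """True unless src parses as an address inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True  # hostname or garbage: treat as untrusted
    return not any(ip in net for net in INTERNAL_NETS)  # IPv6 counts as external


def find_hits(log_text):
    """Return one finding per request whose decoded path names the component."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        # Drop the query string, then percent-decode and fold case, so an
        # encoded or re-cased file name does not slip past the match.
        path = unquote(m["uri"].split("?", 1)[0]).lower()
        if TARGET not in path:
            continue
        findings.append({"src": m["src"], "time": m["ts"], "method": m["method"],
                         "status": int(m["status"]),
                         "priority": "HIGH" if is_external(m["src"]) else "MEDIUM"})
    return findings

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit is a lead to review alongside the firmware version, not proof of exploitation.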
