CVE-2020-27744

9.8 CRITICAL

📋 TL;DR

CVE-2020-27744 is a critical remote code execution vulnerability affecting Western Digital My Cloud NAS devices. It allows attackers to execute arbitrary commands with root privileges on vulnerable devices. This affects all Western Digital My Cloud NAS devices running firmware versions before 5.04.114.

💻 Affected Systems

Products:
  • Western Digital My Cloud NAS devices
Versions: All firmware versions before 5.04.114
Operating Systems: Western Digital My Cloud OS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the NAS device with root access, allowing data theft, ransomware deployment, and use as a pivot point into internal networks.

🟠 Likely Case

Remote attackers gaining full control of the NAS, accessing all stored data, and potentially using the device for further attacks.

🟢 If Mitigated

Limited impact if the device is isolated from the internet and strict network segmentation is in place.

🌐 Internet-Facing: HIGH - Devices exposed to the internet are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication and has been weaponized in real attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.04.114

Vendor Advisory: https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114

Restart Required: Yes

Instructions:

1. Log into the My Cloud web interface.
2. Navigate to Settings > Firmware.
3. Check for updates and install version 5.04.114 or later.
4. Reboot the device after installation.

🔧 Temporary Workarounds

Network Isolation (applies to: all)

Remove the device from internet exposure by placing it behind a firewall with no inbound internet access.

Access Restriction (applies to: all)

Restrict network access to trusted IP addresses only using firewall rules.

🧯 If You Can't Patch

  • Immediately disconnect the device from the internet and isolate it on a separate VLAN
  • Disable all remote access features on the device and disable UPnP on the router

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the My Cloud web interface under Settings > Firmware. If the version is below 5.04.114, the device is vulnerable.

Check Version:

Not applicable: the version check is available through the web interface only.

Verify Fix Applied:

Confirm that the firmware version shown under Settings > Firmware is 5.04.114 or higher.
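To turn the version criterion above into a repeatable check across a fleet of devices, here is an added Python example (not part of this advisory or of any Western Digital tooling). The only page-supplied value is the 5.04.114 fix version; the device names and other version strings are constructed sample data, and the inventory is assumed to be a list of (device name, firmware string) pairs an operator has copied from Settings > Firmware. Components are compared numerically, because a plain string comparison misjudges cases such as 5.04.99 (lexically "newer" than 5.04.114).

```python
"""Added example: flag My Cloud devices whose firmware is below 5.04.114."""
from __future__ import annotations

import re

FIXED_VERSION = "5.04.114"  # fix version named in the vendor advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted firmware string into a tuple of integers.

    Numeric parsing makes leading zeros irrelevant ("5.04.114" == "5.4.114")
    and orders "5.04.99" below "5.04.114", which string order gets wrong.
    """
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", version)
    if m is None:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` sorts below the fix version.

    Shorter tuples are zero-padded so that "5.04" compares as "5.04.0".
    """
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Group device names by status: vulnerable, patched or unknown."""
    result: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for name, version in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:  # version could not be read or parsed
            bucket = "unknown"
        result[bucket].append(name)
    return result


# Constructed sample inventory (device names and versions are made up).
SAMPLE_INVENTORY = [
    ("nas-01", "5.04.114"),  # exactly the fix version
    ("nas-02", "5.04.99"),   # below the fix; string order would call this newer
    ("nas-03", "5.4.114"),   # the fix version written without the leading zero
    ("nas-04", "5.10.122"),  # a later release
    ("nas-05", "5.03.120"),  # an earlier release
    ("nas-06", "unknown"),   # version could not be read from the web UI
]

if __name__ == "__main__":
    for status, names in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Devices that land in the "unknown" bucket still need a manual look in the web interface; the script only classifies what it can parse.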

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Unauthorized access attempts to administrative interfaces
  • Unexpected process creation

Network Indicators:

  • Unusual outbound connections from NAS device
  • Exploit traffic patterns to ports 80/443
  • Command and control beaconing

SIEM Query:

source="mycloud" AND (event="command_execution" OR event="unauthorized_access")

🔗 References