CVE-2020-29563
📋 TL;DR
This vulnerability allows unauthenticated attackers to bypass authentication on Western Digital My Cloud OS 5 devices, gaining administrative access to the NAS system. It affects all Western Digital My Cloud devices running OS 5 before version 5.07.118. This is a critical authentication bypass flaw that exposes the entire device to unauthorized control.
💻 Affected Systems
- Western Digital My Cloud devices with OS 5
📦 What is this software?
My Cloud OS 5 by Western Digital
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the NAS device with administrative privileges, allowing data theft, ransomware deployment, lateral movement to connected systems, and persistent backdoor installation.
Likely Case
Unauthorized access to sensitive files, configuration changes, installation of malware, and potential data exfiltration from the compromised NAS.
If Mitigated
Limited impact if the device is isolated from the internet, sits behind strong network segmentation, and has additional authentication layers beyond the vulnerable interface.
🎯 Exploit Status
The vulnerability requires no authentication and has publicly available proof-of-concept code. Exploitation is straightforward once the device is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.07.118 or later
Vendor Advisory: https://www.westerndigital.com/support/productsecurity/wdc-20010-my-cloud-os5-firmware-5-07-118
Restart Required: Yes
Instructions:
1. Log into My Cloud web interface.
2. Navigate to Settings > Firmware.
3. Check for updates and install version 5.07.118 or later.
4. Reboot the device after installation completes.
🔧 Temporary Workarounds
Disable Remote Access
Disable all remote access to the My Cloud web interface to prevent exploitation from external networks.
Network Segmentation
Isolate My Cloud devices on a separate VLAN with strict firewall rules blocking all inbound access except from trusted management networks.
🧯 If You Can't Patch
- Immediately disconnect the device from the internet and any untrusted networks
- Implement strict network access controls allowing only trusted IP addresses to access the management interface
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the My Cloud web interface under Settings > Firmware. If the version is below 5.07.118, the device is vulnerable.
Check Version:
No CLI command available. Must check via web interface at Settings > Firmware.
Verify Fix Applied:
Confirm firmware version is 5.07.118 or later in Settings > Firmware. Test authentication by attempting to access admin functions without credentials (should be denied).
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful admin access from same IP
- Unauthorized access to admin endpoints without authentication logs
- Multiple admin login events from previously unknown IP addresses
Network Indicators:
- HTTP requests to admin endpoints without authentication headers
- Traffic to /api/2.1/rest/admin_login or similar authentication endpoints from unauthenticated sources
SIEM Query:
source="mycloud" AND (url="*/admin*" OR url="*/api/*") AND NOT (user!="" OR auth_token!="")
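The log indicators and the SIEM query condition above can also be checked offline against exported access logs. The following is an added example, not code from Western Digital or the original page: it assumes JSON-lines events whose `url`, `user` and `auth_token` fields match the query, while `ts`, `src_ip`, `status`, the five-minute window and all sample events are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not real device logs). Field names follow the
# SIEM query above (url, user, auth_token); ts, src_ip and status are assumed.
SAMPLE_LOG = """\
{"ts":"2021-01-10T08:00:00","src_ip":"192.0.2.10","url":"/api/2.1/rest/admin_login","user":"","auth_token":"","status":401}
{"ts":"2021-01-10T08:00:05","src_ip":"192.0.2.10","url":"/admin/settings","user":"","auth_token":"","status":200}
{"ts":"2021-01-10T08:01:00","src_ip":"198.51.100.7","url":"/api/2.1/rest/shares","user":"admin","auth_token":"abc","status":200}
{"ts":"2021-01-10T08:02:00","src_ip":"203.0.113.5","url":"/admin/users","user":"","auth_token":"","status":401}
{"ts":"2021-01-10T09:30:00","src_ip":"203.0.113.5","url":"/admin/users","user":"admin","auth_token":"t1","status":200}
"""

WINDOW = timedelta(minutes=5)  # assumed correlation window


def is_sensitive(url):
    return "/admin" in url or "/api/" in url


def detect(log_text, window=WINDOW):
    """Return (unauth_success, fail_then_success) lists of (src_ip, url)."""
    unauth_success, fail_then_success = [], []
    last_failure = {}  # src_ip -> time of most recent 401/403
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"])
        ip, url, status = ev["src_ip"], ev["url"], int(ev["status"])
        if not is_sensitive(url):
            continue
        anonymous = not ev.get("user") and not ev.get("auth_token")
        if status in (401, 403):
            last_failure[ip] = ts
        elif 200 <= status < 300:
            if anonymous:  # admin/API request served with no credentials
                unauth_success.append((ip, url))
            failed = last_failure.get(ip)
            if failed is not None and ts - failed <= window:
                fail_then_success.append((ip, url))
    return unauth_success, fail_then_success


if __name__ == "__main__":
    unauth, chained = detect(SAMPLE_LOG)
    print("admin/API success without credentials:", unauth)
    print("failure then success from same IP:", chained)
```

Requiring a 2xx status narrows the SIEM query's match to requests the device actually served, which separates a successful bypass from blocked probing.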
🔗 References
- https://www.westerndigital.com/support/productsecurity/wdc-20010-my-cloud-os5-firmware-5-07-118
- https://www.zerodayinitiative.com/advisories/ZDI-20-1446/