CVE-2021-3310

7.8 HIGH

📋 TL;DR

Western Digital My Cloud OS 5 devices before version 5.10.122 have a symbolic link following vulnerability in SMB and AFP shares. This allows attackers to read local files (information disclosure) and potentially execute code. All users of affected My Cloud devices are at risk.

💻 Affected Systems

Products:
  • Western Digital My Cloud OS 5 devices
Versions: All versions before 5.10.122
Operating Systems: My Cloud OS 5
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SMB or AFP shares to be enabled, which are commonly used features on these devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data theft, and lateral movement to other network systems.

🟠 Likely Case: Unauthorized reading of sensitive files stored on the My Cloud device, potentially including credentials, configuration files, and user data.

🟢 If Mitigated: Limited impact if shares are restricted to trusted users and network segmentation is implemented.

🌐 Internet-Facing: HIGH - If SMB/AFP shares are exposed to the internet, attackers can exploit this remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to access sensitive data on the My Cloud device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated attackers can exploit the vulnerability over the SMB/AFP protocols. No public exploit code has been released, but the vulnerability is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.10.122

Vendor Advisory: https://www.westerndigital.com/support/productsecurity/wdc-21002-my-cloud-firmware-version-5-10-122

Restart Required: Yes

Instructions:

1. Log into the My Cloud web interface.
2. Navigate to Settings > Firmware.
3. Check for updates and install version 5.10.122 or later.
4. Reboot the device after installation.

🔧 Temporary Workarounds

  • Disable SMB and AFP shares (all): Temporarily disable SMB and AFP file sharing protocols to prevent exploitation.
  • Restrict share access (all): Configure shares to allow access only from specific trusted IP addresses or users.

🧯 If You Can't Patch

  • Isolate the My Cloud device on a separate VLAN with strict firewall rules limiting SMB/AFP traffic to trusted hosts only.
  • Implement network monitoring for unusual SMB/AFP activity and file access patterns to detect potential exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in My Cloud web interface under Settings > Firmware. If version is below 5.10.122, the device is vulnerable.

Check Version:

Not applicable - check via web interface or device display

Verify Fix Applied:

Confirm firmware version shows 5.10.122 or higher after update and reboot.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMB/AFP connection attempts from unexpected IP addresses
  • Multiple failed authentication attempts followed by successful file access
  • Access to system files or directories not typically accessed via shares

Network Indicators:

  • SMB or AFP traffic to My Cloud device from untrusted networks
  • Unusual file transfer patterns via SMB/AFP protocols

SIEM Query:

source="mycloud" AND (protocol="SMB" OR protocol="AFP") AND (event="file_access" OR event="connection") AND src_ip NOT IN [trusted_ips]
