NAS boxes vulnerable to admin EoP via HTTPS packets
September 18th, 2018 By Shaun Nichols
An elevation of privilege flaw in the Western Digital My Cloud platform allows attackers to gain admin-level access to the device via an HTTP request.
Researchers at vulnerability shop Securify say the vulnerability, designated CVE-2018-17153, would allow an attacker with network access to the device to bypass the login controls and create a session with admin privileges.
This would, in turn, give the attacker full control over the NAS device, including the ability to view and copy all stored data as well as overwrite and erase contents.
Full Article.