heise PlusAbo

Security update: Malware gap threatens NAS models from Western Digital

Attackers can attack certain Western Digital network storage devices with My Cloud OS.

listen Print view

(Image: Artur Szczybylo/Shutterstock.com)

1 min. read
Security
By

If attackers successfully exploit a vulnerability, they can execute malicious code on certain Western Digital NAS models. A secured version of My Cloud OS is available for download.

The release notes indicate that the developers have closed the “critical” vulnerability (CVE-2025-30247) in My Cloud OS version 5.31.108. Due to insufficient checks in the user interface, remote attackers can use crafted HTTP POST requests to exploit the vulnerability and execute their commands.

Videos by heise

Specifically, the following models are at risk. It is currently not known whether attacks have already been launched.

  • My Cloud
  • My Cloud PR2100
  • My Cloud PR4100
  • My Cloud EX4100
  • My Cloud EX2 Ultra
  • My Cloud Mirror Gen 2
  • My Cloud DL2100
  • My Cloud EX2100
  • My Cloud DL4100
  • My Cloud WDBCTLxxxxxx-10

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten