Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received their final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.
Users are advised to disconnect the drives from the Internet by unplugging the Ethernet cable.
At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.
Western Digital is referencing CVE-2018-18472 in the attack. The vulnerability was discovered years ago but is apparently only now being exploited in the wild.
"Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,"
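Anyone who keeps web or proxy logs for traffic reaching one of these devices can check them for the pattern the CVE description names. The following is an added example, not code from Western Digital or from this article; the four-field log format (source, method, URL, form body or `-`), the locale-code allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/api/1.0/rest/language_configuration"  # path named in the CVE description
# Assumption: legitimate values look like locale codes such as en_US.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(_[A-Za-z]{2})?")
SHELL_META = set(";|&`$(){}<>\\\n\r'\"")

def check_line(line):
    """Return (src_ip, value, reason) for a suspicious request, else None."""
    parts = line.split(" ", 3)
    if len(parts) != 4:
        return None
    src, _method, url, body = parts
    split = urlsplit(url)
    if split.path.rstrip("/") != ENDPOINT:
        return None
    # Collect the parameter from both the query string and the form body.
    params = parse_qs(split.query, keep_blank_values=True)
    if body != "-":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    for value in params.get("language", []):
        if SHELL_META & set(value):
            return (src, value, "shell metacharacter")
        if not LOCALE_RE.fullmatch(value):
            return (src, value, "not a locale code")
    return None

def scan(lines):
    """Return every suspicious hit found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    "192.0.2.10 PUT /api/1.0/rest/language_configuration language=en_US",
    "203.0.113.7 PUT /api/1.0/rest/language_configuration language=en_US%60x%60",
    "203.0.113.8 GET /api/1.0/rest/language_configuration?language=de_DE%3Bx -",
    "192.0.2.10 GET /index.html -",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit from an address outside the local network is worth treating as a compromise indicator, since the device has no firmware fix and the advisory's guidance is to keep it off the Internet.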