Exploiting (and Patching) a Zero Day RCE Vulnerability in a Western Digital NAS
In this video we show you how we found, exploited and patched a chain of zero day vulnerabilities in a Western Digital (WD) Network Attached Storage (NAS) device. This chain allows an unauthenticated attacker to execute code as root and install a permanent backdoor on the NAS.
0:00 Intro
0:41 Why Drop A Zero Day?
2:51 Overview Of WD PR4100 NAS
4:01 OS3 vs OS5
5:18 Recon And Password Cracking
7:02 API Introduction
8:45 Accessing Auth API (Vulnerability #1)
10:07 Firmware Update (Vulnerability #2)
15:48 Exploit Walkthrough
18:32 Exploit Execution
19:56 Patching Vulnerability #2
22:41 Downgrading OS5 To OS3
24:07 One Week Update
The vulnerabilities affect most of the WD NAS line-up and their OS3 firmware versions and are unpatched as of 2021/02/25. The new OS5 firmware is not vulnerable. OS3 is in a limbo, it’s not clear whether it is supported or not by WD, but WD’s official response to a security advisory in November 2020 seems to indicate that it’s out of support.
Please keep safe - do not expose your NA
2 weeks ago 00:06:17 1
3 weeks ago 00:18:33 1
1 month ago 00:56:25 1
1 month ago 00:17:12 2
1 month ago 01:56:28 2
1 month ago 00:57:17 4
1 month ago 01:03:33 1
2 months ago 00:03:27 1
2 months ago 00:11:57 1
3 months ago 01:21:24 1
3 months ago 00:00:17 1
3 months ago 00:00:00 1
3 months ago 00:29:35 1
3 months ago 01:31:07 1
3 months ago 00:03:44 1
3 months ago 03:28:38 1
3 months ago 02:35:05 1
3 months ago 00:00:00 1
3 months ago 00:03:47 1
3 months ago 00:05:55 1
3 months ago 00:00:00 1
3 months ago 00:00:00 1
3 months ago 00:02:22 1
3 months ago 00:06:42 1
