Subj : WD patches NAS security flaw which could have allowed full takeov
To   : All
From : TechnologyDaily
Date : Wed Oct 01 2025 15:30:08

WD patches NAS security flaw which could have allowed full takeover

Date: Wed, 01 Oct 2025 14:13:00 +0000

Description: Multiple versions are affected, and there don't appear to be any workarounds.

FULL STORY
======================================================================

- Western Digital patches critical RCE flaw CVE-2025-30247 in multiple My Cloud NAS models
- Vulnerability exploited via crafted HTTP POST requests targeting the My Cloud user interface
- End-of-life models won't receive updates; users urged to patch or migrate to newer devices

Data storage giant Western Digital just fixed a critical-severity vulnerability that was discovered in multiple My Cloud NAS models.

In a security advisory, the company said it was tipped off about an OS command injection flaw in the My Cloud user interface that could be abused through specially crafted HTTP POST requests sent to vulnerable devices.

Successful exploitation would grant threat actors remote code execution (RCE) capabilities. The flaw is tracked as CVE-2025-30247 and was given a severity score of 9.3/10 (critical).

Here is a full list of the affected models:

- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX4100
- My Cloud EX2 Ultra
- My Cloud Mirror Gen 2
- My Cloud DL2100
- My Cloud EX2100
- My Cloud DL4100
- My Cloud WDBCTLxxxxxx-10

End of life

My Cloud DL4100 and My Cloud DL2100 are two models that have reached their end-of-life status, and as such will not be getting an update.

Users are advised to migrate to a newer model, and then apply the firmware patch to bring the device to version 5.31.108. Default settings allow for automatic patch management, but Western Digital still urges users to double-check the version they are running.

Alternatively, they can take the device offline until they install the patch, but in that case, cloud service features will not be available.

The devices make up a line of personal cloud storage solutions, used mostly for backing up multimedia and documents, streaming them to smart TVs and mobile devices, or sharing them with other people. My Cloud is primarily designed for personal use, but some models (mostly those in the EX and PR series) come with RAID support, multiple drive bays, and enhanced user management, which also makes them somewhat suitable for small offices or prosumer environments.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/wd-patches-nas-security-flaw-which-could-have-allowed-full-takeover

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)