My Cloud Firmware Version 2.31.174
WDC Tracking Number: WDC-19004
Published: March 26, 2019
Last Updated: January 8, 2020
Description
My Cloud Firmware 2.31.174 includes multiple updates to help improve the security of your My Cloud devices.
Product Impact
Last Updated
My Cloud
March 26, 2019
My Cloud Mirror Gen2
March 26, 2019
My Cloud EX2 Ultra
March 26, 2019
My Cloud EX2100
March 26, 2019
My Cloud EX4100
March 26, 2019
My Cloud DL2100
March 26, 2019
My Cloud DL4100
March 26, 2019
My Cloud PR2100
March 26, 2019
My Cloud PR4100
March 26, 2019
Advisory Summary
Updated Netatalk to version 3.1.12 to address a memory unsafety vulnerability that could allow arbitrary code execution by an unauthenticated user.
- CVE Number: CVE-2018-1160
Resolved an authentication bypass vulnerability that allowed an attacker to modify the web page source code and obtain access as an unprivileged user.
- CVE Number: CVE-2019-9950
- Reported by: bnbdr
Addressed an unauthenticated file upload vulnerability where a page could be accessed without any credentials and allowed arbitrary files to be uploaded to the attached storage device.
- CVE Number: CVE-2019-9951
- Reported by: bnbdr