Exploiting (and Patching) a Zero Day RCE Vulnerability in a Western Digital NAS

source link: https://www.youtube.com/watch?v=vsg9YgvGBec

Feb 25, 2021


In this video we show you how we found, exploited and patched a chain of zero day vulnerabilities in a Western Digital (WD) Network Attached Storage (NAS) device. This chain allows an unauthenticated attacker to execute code as root and install a permanent backdoor on the NAS.

0:00 Intro
0:41 Why Drop A Zero Day?
2:51 Overview Of WD PR4100 NAS
4:01 OS3 vs OS5
5:18 Recon And Password Cracking
7:02 API Introduction
8:45 Accessing Auth API (Vulnerability #1)
10:07 Firmware Update (Vulnerability #2)
15:48 Exploit Walkthrough
18:32 Exploit Execution
19:56 Patching Vulnerability #2
22:41 Downgrading OS5 To OS3
24:07 One Week Update

The vulnerabilities affect most of the WD NAS line-up and their OS3 firmware versions and are unpatched as of 2021/02/25. The new OS5 firmware is not vulnerable. OS3 is in limbo: it's not clear whether WD supports it or not, but WD's official response to a security advisory in November 2020 seems to indicate that it's out of support.

Please keep safe - do not expose your NAS to the Internet. If your device supports OS5, upgrade to that. Otherwise you can use our patch to fix it; the patch needs to be reapplied at every reboot.

Our patch can be found at:
https://github.com/pedrib/PoC/blob/ma...
https://github.com/rdomanski/Exploits...

Follow us on Twitter!
https://twitter.com/FlashbackPwn
https://twitter.com/pedrib1337
https://twitter.com/RabbitPro

~ Flashback https://www.flashback.sh
