Urgent WD My Cloud Flaw Enables Remote Hacks

Summary
– Western Digital released firmware updates to patch CVE-2025-30247, a critical vulnerability allowing remote arbitrary command execution on My Cloud NAS devices.
– The flaw is an OS command injection exploitable via crafted HTTP POST requests and impacts multiple models including PR2100, EX4100, and EX2 Ultra.
– Two affected models, My Cloud DL4100 and DL2100, have reached end of support and may not receive updates, leaving them potentially vulnerable.
– Exploitation could lead to unauthorized file access, data theft, ransomware deployment, or device misuse, as seen in past NAS attacks.
– Users should immediately update to firmware 5.31.108, take devices offline if patching is delayed, and ensure automatic updates are enabled for protection.
Western Digital has issued an urgent firmware update to fix a critical security flaw in several My Cloud network-attached storage (NAS) devices, which could allow attackers to remotely execute commands and take control of affected systems. The vulnerability, identified as CVE-2025-30247, involves an OS command injection weakness in the My Cloud user interface. Attackers can exploit this flaw by sending specially crafted HTTP POST requests to vulnerable device endpoints.
A security researcher known as “w1th0ut” reported the issue to Western Digital. The company responded by releasing firmware version 5.31.108 to resolve the problem. This update applies to all prior firmware versions for the following models: My Cloud PR2100, My Cloud PR4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Cloud DL2100, My Cloud EX2100, My Cloud DL4100, and My Cloud WDBCTLxxxxxx-10.
It is important to note that two of the listed devices, the My Cloud DL4100 and My Cloud DL2100, have reached end of support (EoS). Because of this, firmware updates may not be available for these models, and Western Digital’s security advisory does not offer alternative mitigation steps for EoS products.
My Cloud NAS devices are designed for small businesses, home offices, and individual users who want to store data on a personal cloud and access it remotely. While not built for enterprise or mission-critical use, they are widely used by consumers for features such as remote file access through mobile apps or web browsers, media streaming, and automated backup services.
If successfully exploited, CVE-2025-30247 could allow an attacker to run shell commands on the device. This could lead to unauthorized access, modification, or deletion of files, user enumeration, configuration changes, or even the execution of malicious binaries. In previous incidents, hackers have used similar vulnerabilities in NAS devices to steal sensitive information, build botnets, set up proxy servers, or deploy ransomware to extort money from users.
My Cloud users are strongly advised to install firmware version 5.31.108 immediately. If applying the update right away is not possible, users should disconnect the device from the internet until the patch can be installed. Even when offline, the My Cloud device can continue to function as a local storage unit on the local network, though files stored through Western Digital’s cloud service will not be accessible remotely.
For customers who have enabled automatic updates, the firmware should have been installed starting September 23, 2025. It is still a good idea to manually verify that your device is running the latest version. Users performing a manual update can download the correct firmware image for their specific model from Western Digital’s support site, then go to Settings > Firmware Update > Update From File and select the downloaded BIN file.
A device reboot is required after the update, and the NAS must remain powered on throughout the entire process to prevent potential data corruption.
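The check below is an added example, not code from Western Digital or the original article. It triages a device inventory against the affected-model list, the end-of-support models and the fixed firmware version given above. The inventory rows, action labels and function names are constructed for illustration, and the SKU pattern assumes the x's in "WDBCTLxxxxxx-10" stand for arbitrary characters.

```python
import re

FIXED = (5, 31, 108)  # fixed firmware version named in the article
AFFECTED = {"PR2100", "PR4100", "EX4100", "EX2 Ultra", "Mirror Gen 2",
            "DL2100", "EX2100", "DL4100"}
END_OF_SUPPORT = {"DL2100", "DL4100"}  # updates may not be available
# Assumption: the x's in "WDBCTLxxxxxx-10" stand for arbitrary SKU characters.
SKU_PATTERN = re.compile(r"WDBCTL\w+-10")

def parse_version(text):
    """Turn '5.31.108' into (5, 31, 108) so versions compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(model, firmware, internet_reachable):
    """Return a hypothetical action label for one device."""
    name = model.strip().removeprefix("My Cloud ").strip()
    if name not in AFFECTED and not SKU_PATTERN.fullmatch(name):
        return "not-listed"
    try:
        patched = parse_version(firmware) >= FIXED
    except ValueError:
        patched = False  # unknown version: fail closed and treat as vulnerable
    if patched:
        return "patched"
    if name in END_OF_SUPPORT:
        # No vendor mitigation for EoS models; keep them off the internet.
        return "eos-disconnect" if internet_reachable else "eos-update-if-available"
    return "disconnect-then-update" if internet_reachable else "update"

# Constructed inventory: (model, reported firmware, reachable from the internet)
INVENTORY = [
    ("My Cloud PR4100", "5.31.108", True),
    ("My Cloud EX2 Ultra", "5.9.200", True),  # a string compare would call this newer
    ("My Cloud DL4100", "5.27.157", False),
    ("My Cloud DL2100", "unknown", True),
]

def report(inventory):
    """Pair each inventory row's model with its triage action."""
    return [(model, triage(model, fw, exposed)) for model, fw, exposed in inventory]

if __name__ == "__main__":
    for model, action in report(INVENTORY):
        print(f"{model:22} {action}")
```

Comparing versions as integer tuples matters here: as plain strings, "5.9.200" sorts after "5.31.108" and an unpatched device would be reported as current.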
(Source: Bleeping Computer)