Cloud service access barred for vulnerable Western Digital devices

SecurityWeek reports that Western Digital has prevented all devices on firmware affected by the critical vulnerability, tracked as CVE-2022-36327, from accessing its cloud services since June 15, in an effort to curb cyberattacks that may prompt significant data compromise. Exploiting the flaw, which affects Western Digitals My Cloud Home, My Cloud Home Duo, My Cloud OS 5 devices, and SanDisk ibi, could enable file writing in locations with particular filesystem types, according to an advisory from the National Institute of Standards and Technology. The vulnerability, along with other medium-severity flaws, had been resolved by Western Digital on May 15 with the release of My Cloud OS 5 firmware version 5.26.202, while a server-side request forgery bug had been addressed by the company in My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices as part of the firmware version 9.4.1-101 release on May 26. Nonapplication of the firmware update would hinder users of the aforementioned devices from accessing their data although such could still be done locally on their devices.