Exploiting (and Patching) a Zero Day RCE Vulnerability in a Western Digital NAS
In this video we show you how we found, exploited and patched a chain of zero day vulnerabilities in a Western Digital (WD) Network Attached Storage (NAS) device. This chain allows an unauthenticated attacker to execute code as root and install a permanent backdoor on the NAS.
0:00 Intro
0:41 Why Drop A Zero Day?
2:51 Overview Of WD PR4100 NAS
4:01 OS3 vs OS5
5:18 Recon And Password Cracking
7:02 API Introduction
8:45 Accessing Auth API (Vulnerability #1)
10:07 Firmware Update (Vulnerability #2)
15:48 Exploit Walkthrough
18:32 Exploit Execution
19:56 Patching Vulnerability #2
22:41 Downgrading OS5 To OS3
24:07 One Week Update
The vulnerabilities affect most of the WD NAS line-up running OS3 firmware versions and are unpatched as of 2021/02/25. The new OS5 firmware is not vulnerable. OS3 is in limbo: it is not clear whether WD still supports it, but WD's official response to a security advisory in November 2020 seems to indicate that it is out of support.
Please keep safe - do not expose your NA