so, my Western Digital MyCloud Live bit the dust the other day. i spent most of yesterday stressing, and figuring out what was wrong, and beginning to figure out how to fix it (and not getting very far, because of the stress).
then, this morning, i wake up to this: CVE-2018-18472…
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands…
and “Action Required on My Book Live and My Book Live Duo”:
Western Digital has determined that some My Book Live devices are being compromised by malicious software. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015. We understand that our customers’ data is very important. At this time, we recommend you disconnect your My Book Live from the Internet to protect your data on the device.
the only hope i have is EITHER that the MyCloud IP address was unknown, unknowable, or “small potatoes”, OR that this is for My“BOOK” Live, and what i’m dealing with is a My“CLOUD” Live, and that CVE-2018-18472 applies to the My“BOOK” and not the My“CLOUD”…
but what is the probability of those things happening? 🤬
(actually, now that i think about it, the probability is fairly low: i BOUGHT the MyCloud device in 2014, and i’m pretty sure that i received firmware updates well after the 2015 date that they mentioned here, but… it’s still worrying.)
actually, i couldn’t POSSIBLY be that lucky… i was looking at the back of the device, and it very clearly says “MyBook Live”… 🤬🤬🤬🤬🤬
word now is that western digital has known about this since 2018. 🤬
some good news, for a change… i’ve written for a quote from Ace Data Recovery, which is a partner with western digital. i’m as confident as i can be (which isn’t much) that they have a MUCH better chance of actually recovering my data than anything i could do. of course, because of the fact that it is currently after business hours on friday, central time, and the fact that they don’t work on weekends, i’m probably not going to hear anything until monday, at the earliest. however, this gives me some time to work on the problem of where to put it once it has, actually, been retrieved.