Exploiting (and Patching) a Zero Day RCE Vulnerability in a Western Digital NAS

In this video we show you how we found, exploited and patched a chain of zero day vulnerabilities in a Western Digital (WD) Network Attached Storage (NAS) device. This chain allows an unauthenticated attacker to execute code as root and install a permanent backdoor on the NAS. 0:00 Intro 0:41 Why Drop A Zero Day? 2:51 Overview Of WD PR4100 NAS 4:01 OS3 vs OS5 5:18 Recon And Password Cracking 7:02 API Introduction 8:45 Accessing Auth API (Vulnerability #1) 10:07 Firmware Update (Vulnerability #2) 15:48 Exploit Walkthrough 18:32 Exploit Execution 19:56 Patching Vulnerability #2 22:41 Downgrading OS5 To OS3 24:07 One Week Update The vulnerabilities affect most of the WD NAS line-up and their OS3 firmware versions and are unpatched as of 2021/02/25. The new OS5 firmware is not vulnerable. OS3 is in a limbo, it’s not clear whether it is supported or not by WD, but WD’s official response to a security advisory in November 2020 seems to indicate that it’s out of support. Please keep safe - do not expose your NA