My Cloud Firmware Version 04.05.00-334
WDC Tracking Number: WDC-19003
Published: March 12, 2019
Last Updated: May 14, 2020
Description
My Cloud Firmware 04.05.00-334 includes multiple updates to help improve the security of your My Cloud device.
Advisory Summary
Updated Netatalk to version 3.1.12 to address a memory unsafety vulnerability that could allow arbitrary code execution by an unauthenticated user.
- CVE Number: CVE-2018-1160
Updated Samba to version 4.3.11-16 to resolve a remote code execution vulnerability that could allow malicious clients to upload a shared library to a writeable directory and have the server load and execute it.
- CVE Number: CVE-2017-7494
The version of portable SDK for UPnP (Universal Plug and Play) was vulnerable to a number of remote code execution vulnerabilities. Resolved the issue by updating the libupnp component to version 1.6.25.
- CVE Number: CVE-2012-5958
Addressed additional Cross Site Request Forgery (CSRF) issues throughout My Cloud Dashboard Web user interface.
Apache has been updated to version 2.4.34 to address multiple vulnerabilities.
Resolved unauthenticated remote command injection as root vulnerability in the My Cloud dashboard.
- CVE Number: CVE-2016-10107
- Reported by: Daniel Forse
Resolved unauthenticated remote command injection as root vulnerability on the My Cloud analytics page.
- CVE Number: CVE-2016-10108
- Reported by: Sam Thomas
The OpenSSL component has been updated to version 1.0.1t to address multiple vulnerabilities.
- CVE Number: CVE-2016-2107
- CVE Number: CVE-2016-2105
- CVE Number: CVE-2016-2106
- CVE Number: CVE-2016-2109
- CVE Number: CVE-2016-2176