My Cloud Firmware Version 04.05.00-334


WDC Tracking Number: WDC-19003
Published: March 12, 2019

Last Updated: May 14, 2020

Description

My Cloud Firmware 04.05.00-334 includes multiple updates to help improve the security of your My Cloud device.

Product Impact
Last Updated
My Cloud (FW 04.X)
March 12, 2019

Advisory Summary

Updated Netatalk to version 3.1.12 to address a memory unsafety vulnerability that could allow arbitrary code execution by an unauthenticated user.

Updated Samba to version 4.3.11-16 to resolve a remote code execution vulnerability that could allow malicious clients to upload a shared library to a writeable directory and have the server load and execute it.

The version of portable SDK for UPnP (Universal Plug and Play) was vulnerable to a number of remote code execution vulnerabilities. Resolved the issue by updating the libupnp component to version 1.6.25.

Addressed additional Cross Site Request Forgery (CSRF) issues throughout My Cloud Dashboard Web user interface.

Apache has been updated to version 2.4.34 to address multiple vulnerabilities.

Resolved unauthenticated remote command injection as root vulnerability in the My Cloud dashboard.

Resolved unauthenticated remote command injection as root vulnerability on the My Cloud analytics page.

The OpenSSL component has been updated to version 1.0.1t to address multiple vulnerabilities.