Discovered Vulnerability-related.DiscoverVulnerability by a security researcher who goes by the name of Zenofex , these security flaws have not been reported Vulnerability-related.DiscoverVulnerability to Western Digital , are still unpatched Vulnerability-related.PatchVulnerability , and with public exploit code is available for more than half of the vulnerabilities . According to Zenofex multiple WD MyCloud NAS device models are affected Vulnerability-related.DiscoverVulnerability , such as : Zenofex 's decision not to inform Vulnerability-related.DiscoverVulnerability Western Digital came after the researcher attended a security conference last year , where other infosec professionals complained about Western Digital ignoring vulnerability reports Vulnerability-related.DiscoverVulnerability . It was at the same conference , Black Hat USA 2016 , where Western Digital also won a Pwnie Award in a category called `` Lamest Vendor Response . '' `` Ignoring these bugs would leave the vulnerable devices online for longer periods while responsible disclosure Vulnerability-related.DiscoverVulnerability is worked out , '' Zenofex argued his decision not to wait until Western Digital patches Vulnerability-related.DiscoverVulnerability the security bugs . `` Instead we ’ re attempting to alert Vulnerability-related.DiscoverVulnerability the community of the flaws and hoping that users remove their devices from any public facing portions of their networks , limiting access wherever possible , '' he added . Zenofex , who 's a member of the Exploitee.rs community , says he found Vulnerability-related.DiscoverVulnerability a whopping total of 85 security issues . Based on the exploit code , many of these security flaws can be exploited Vulnerability-related.DiscoverVulnerability by altering cookie values or embedding shell commands in cookie parameters . When the image loads inside their browser , the exploit code executes against the local NAS drive and takes over the device . The most severe of these issues , according to Zenofex , is authentication bypass issue , which ironically was also the easiest to exploit , requiring only the modification of cookie session parameters . And since Murphy 's Law applies to hardware devices as well , things went wrong all the way , and the commands are n't executed under a limited user , but run under root , giving attackers full control over affected devices , allowing them to upload or download data at will .

A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet . The flaw that allows this to happen is found Vulnerability-related.DiscoverVulnerability in a custom version of GoAhead , a lightweight embedded web server that has been fitted into the devices . This and other vulnerabilities have been found Vulnerability-related.DiscoverVulnerability by security researcher Pierre Kim , who tested one of the branded cameras – the Wireless IP Camera ( P2P ) WIFICAM . The extensive list of devices affected by Vulnerability-related.DiscoverVulnerability the flaw in the custom embedded web server can be found Vulnerability-related.DiscoverVulnerability here , and includes 1250+ camera models from over 300 vendors , including D-Link , Foscam , Logitech , Netcam , and Polaroid . “ This vulnerability allows an attacker to steal credentials , ftp accounts and smtp accounts ( email ) , ” Kim noted Vulnerability-related.DiscoverVulnerability . He also shared Vulnerability-related.DiscoverVulnerability a PoC exploit that leverages the flaw to allow an attacker to achieve root shell on the device . Other vulnerabilities present Vulnerability-related.DiscoverVulnerability include a RTSP server running on the camera ’ s TCP 10554 port , which can be accessed without authentication , allowing attackers to watch what the camera streams . There is also a “ cloud ” functionality that is on by default , through which the camera can be managed via a mobile Android app . The connection between the two is established through UDP , and will be automatically established to any app that “ asks ” if a particular camera is online . Effectively , the attacker just needs to know the serial number of the device . The established UDP tunnel can also be used by the attacker to dump the camera ’ s configuration file in cleartext , or to bruteforce credentials . “ The UDP tunnel between the attacker and the camera is established even if the attacker doesn ’ t know the credentials , ” Kim noted . “ It ’ s useful to note the tunnel bypasses NAT and firewall , allowing the attacker to reach internal cameras ( if they are connected to the Internet ) and to bruteforce credentials . Then , the attacker can just try to bruteforce credentials of the camera ” . Kim advises owners of these devices to disconnect them from the Internet . A simple search with Shodan revealed Vulnerability-related.DiscoverVulnerability that there are 185,000+ vulnerable cameras out there , ready to be hijacked . The vulnerabilities are not in GoAhead , but the custom version of the web server developed by the Chinese OEM vendor , so EmbedThis – the company that develops GoAhead – can do nothing to fix Vulnerability-related.PatchVulnerability this . Interestingly enough , SecuriTeam revealed Vulnerability-related.DiscoverVulnerability today the existence of an arbitrary file content disclosure Vulnerability-related.DiscoverVulnerability vulnerability affecting Vulnerability-related.DiscoverVulnerability older versions of the GoAhead web server . Discovered Vulnerability-related.DiscoverVulnerability by independent security researcher Istvan Toth , the vulnerability can be triggered by sending a malformed request to the web server , and it will disclose device credentials to the attacker in clear text . “ The GoAhead web server is present on multiple embedded devices , from IP cameras to printers and other embedded devices , ” SecuriTeam explained , and urged owners to remove the device from the network , “ or at the very least not allow access to the web interface to anyone beside a very strict IP address range ”