Re: NetGear Armor and Western Digital NAS vulnerabilities on RAX 50

jmhga44 · ‎2022-04-11

My NetGear Armor is continuously detecting vulnerabilities on my Western Digital Mycloud drive even though it is not connected to the Internet (software is out of life). It doesn't seem to detect any problems on anything else I've got connected to my home network. Would anyone have any ideas on how to solve this? This might become a moot point next month when the Netgear Armor subscription runs out and I might not renew it.

MetsFan69 · ‎2022-04-16

Same problem here with my WD MyCloud 6TB. Has detected vulnerabilities since day one of having Armor. I also have the latest MyCloud firmware: 5.21.10, and cloud access is disabled on MyCloud.

Not sure if they are false positives or are unaddressed vulnerabilities by WD.

jmhga44 · ‎2022-04-16

Thanks for the response. At least I'm not the only one with this situation.

Topology · ‎2022-04-18

Perhaps NETGEAR Armor is detecting the existence of a default username/password for the WD My Cloud device, even if cloud access is disabled?

MetsFan69 · ‎2022-04-18

It finds >139 vulnerabilities and I'm not using default authentication

Jeffgear · ‎2022-04-20

A quick search on the ISC2 vulnerability database shows a few critical vulnerabilities for Western Digital Mycloud. Armor may be detecting indicators related to these vulnerabilities if present on your service. It might be worth following upon the CVEs for the vendor's mitigation guidance.

My setup: ISP - NOW NZ 900/400mbps plan with Chorus fibre ONT. Orbi Mesh - RBR50v2, RBS50v2 indoor satellite, RBS50Yv2 outdoor satellite. Meural Canvas II 27".

jmhga44 · ‎2022-04-21

The vulnerabilities you show in your post seem to be for the WD MyCloud PR4100..that's not the model I have. How did you find those?

jmhga44 · ‎2022-04-21

Jeffgear.. I also just found out about a firmware update for my drive to v4.06.00-111 and am applying it. I'll see what NetGear Armor shows after that gets applied.

Jeffgear · ‎2022-04-21

I search for WD mycloud in a vulnerability database service that the ISC InfoSec organisation provides to its subscribers. Although this is not for non members the CVE numbers can be googled for more details. As you correctly point out the ones I listed are for a different model but I suspect they may be present across their platform as is sometimes the case. I could not find anything specific to your model but if you research the CVE and vendor’s vulnerability notifications you may be able to confirm if your particular model is affected. If not, I suspect it’s an Armor false -+ve.

My setup: ISP - NOW NZ 900/400mbps plan with Chorus fibre ONT. Orbi Mesh - RBR50v2, RBS50v2 indoor satellite, RBS50Yv2 outdoor satellite. Meural Canvas II 27".

Jeffgear · ‎2022-04-21

Fingers crossed it fixes the alerts. If not then I suspect a false +ve.

My setup: ISP - NOW NZ 900/400mbps plan with Chorus fibre ONT. Orbi Mesh - RBR50v2, RBS50v2 indoor satellite, RBS50Yv2 outdoor satellite. Meural Canvas II 27".