Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
August 9, 2023 By Eduard Kovacs
Critical vulnerabilities discovered by IoT and industrial cybersecurity firm Claroty in Western Digital (WD) and Synology network-attached storage (NAS) products could have exposed the files of millions of users.
The vulnerabilities and their exploitation was demonstrated at the Zero Day Initiative’s Pwn2Own Toronto hacker contest in December 2022, where participants earned a total of nearly $1 million for hacking smartphones, printers, routers, NAS devices, and smart speakers.
Both vendors have pushed out patches (in some cases automatically) and published advisories to inform customers about the vulnerabilities. Synology released one advisory and WD published three advisories, in December, January and May.
