CVE-2021-35941 Explained : Impact and Mitigation
Learn about CVE-2021-35941 affecting Western Digital WD My Book Live and My Book Live Duo, allowing unauthorized system factory restores without authentication. Find out the impact, affected systems, and mitigation steps.
Western Digital WD My Book Live and WD My Book Live Duo are affected by CVE-2021-35941, allowing an attacker to perform a system factory restore without authentication. The vulnerability was exploited in the wild in June 2021.
Understanding CVE-2021-35941
This section delves into the details of the vulnerability and its potential impact.
What is CVE-2021-35941?
The CVE-2021-35941 vulnerability affects Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions). It stems from an administrator API that enables performing a system factory restore without the need for authentication.
The Impact of CVE-2021-35941
The exploitation of CVE-2021-35941 in June 2021 allowed threat actors to carry out unauthorized system factory restores on affected devices.
Technical Details of CVE-2021-35941
This section outlines the specific technical aspects of the vulnerability.
Vulnerability Description
The vulnerability allows an attacker to execute a system factory restore via the administrator API without requiring authentication, leading to unauthorized manipulation of the device.
Affected Systems and Versions
All versions of Western Digital WD My Book Live Duo and 2.x and later versions of WD My Book Live are impacted by CVE-2021-35941.
Exploitation Mechanism
Malicious actors exploited this vulnerability in June 2021 to conduct mass system wipes on vulnerable devices.
Mitigation and Prevention
Here, we discuss steps to mitigate the risks associated with CVE-2021-35941.
Immediate Steps to Take
Users are advised to disconnect affected devices from the internet and perform a factory reset to prevent unauthorized access.
Long-Term Security Practices
Implementing strong network segmentation and regular security updates can help enhance the overall security posture of the devices.
Patching and Updates
Ensure that all Western Digital WD My Book Live and WD My Book Live Duo devices are updated with the latest firmware and security patches to mitigate the CVE-2021-35941 vulnerability.