Read more.Quote:
Easy remote exploit bug remains unfixed, despite notifications to WD since April 2017.
Printable View
Read more.Quote:
Easy remote exploit bug remains unfixed, despite notifications to WD since April 2017.
The UI screenshot contains a public IP address in the address bar.
Lol, it's like takeaway companies that are 10 minutes late and you call them and they say "driver has just left and will be with you shortly!"
Sounds like they had done nothing until it had been publicised, how silly.
It's always disappointing to see when companies take their time on fixing serious security issues like this, when it should be considered essential to rectify as quickly as possible.
But obviously this is the reason that public disclosure exists, to force them into it if it hasn't been done in a reasonable timeframe. The fact that they were given more than three times the standard 90 days, only to still fail to do anything proves the point even more.
Why would you ever allow remote access IF you care about someone else accessing your data?
tbh any device should come with plain warning - "enabling remote access makes device vulnerable"