Thu, 09/02/2021 - 12:00
Among targets for the Pwn2own Tokyo 2020 was 2 NAS, the Synology DiskStation DS418play and Western Digital My Cloud Pro PR4100. We took a look at both, and quickly found out Western Digital PR4100 was vulnerable via its webserver.
However, exploitation was not THAT easy (it was not that hard either) and ultimately it did not even mattered since the vulnerability was wiped by a major OS update pushed mere days before the contest.
In the end, the vulnerable code we audited might not have even been written by Western D...