Exploiting Cloud Connectivity to PWN your NAS: WD PR4100

Team82 reports multiple critical vulnerabilities in Western Digital My Cloud OS5 that allowed large-scale enumeration of cloud-connected NAS devices (via certificate harvesting and CT logs), impersonation of devices using publicly-leaked GUIDs to hijack cloud tunnels and steal user JWTs, and a chained file-write plus reboot issue leading to remote code execution; Western Digital has since issued firmware updates and restricted unpatched devices from connecting to the cloud.