Support Product Security

Western Digital My Cloud OS 5 Firmware 5.30.103

WDC Tracking Number: WDC-25001
Product Line/Web: My Cloud OS 5
Published: February 20, 2025

Last Updated: February 20, 2025

Description

My Cloud Firmware 5.30.103 includes updates to help improve the security of your My Cloud devices.

To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

Product Impact
Last Updated
My Cloud PR2100
February 13, 2025
My Cloud PR4100
February 13, 2025
My Cloud EX2 Ultra
February 13, 2025
My Cloud EX4100
February 13, 2025
My Cloud Mirror Gen 2
February 13, 2025
My Cloud EX2100
February 13, 2025
My Cloud DL4100
February 13, 2025
My Cloud WDBCTLxxxxxx-10
February 13, 2025

For more information on the latest security updates, see the release notes.

Advisory Summary

Updated open-source GLIBC package to version 2.31-13+deb11u11 to resolve CVE-2023-4911 that allowed a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE Number: CVE-2023-4911

Updated open-source Samba package to version 4.17.12+dfsg-0+deb12u1~bpo11+1 to resolve CVE-2023-4154 that exposed passwords and secrets to users with privileges and Read-Only Domain Controllers.

CVE Number: CVE-2023-4154

Updated open-source curl package to version 7.74.0-1.3+deb11u13 to resolve CVE-2023-38545 that crashed curl application because of heap-based overflow and CVE-2023-38546 which allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met.

CVE Number: CVE-2023-38545, CVE-2023-38546

Compare