It has been acknowledged that the home and office MyBook Live cloud devices have become compromised and are being remotely reset by bad actors. Here is the message from the WD website.
"Last Updated: June 24, 2021
Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.
At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device.
CVE Number: CVE-2018-18472
First, take Western Digital's advice to remove the Network cable from the box and power the unit off.
Call us on 01223 828800 to talk to an engineer about what can be done about recovering the data.
Data recovery from these devices is dependent on the type of reset made to the device.
A factory reset will remove all indexing system. Files are usually recoverable, but without file names or folders. This is mainly good for photos and files that have been saved as backups. Where larger files are frequently written to often, the data becomes inconsistent.
Wizcase is a group of network security experts that discovered the flaws, not only in WD My Book, but also on at least three other manufacturers of NAS boxes. Including Netgear, Seagate and Medion.
Considering their update was made in November 2020, these manufacturers, and most importantly - their users may find themselves in a similar situation.
You can read the technical details at this site.
The vulnerabilities allow hackers, governments, or anyone with malicious intention to read files, add/remove users, add/modify existing data, or execute commands with highest privileges on all of the devices.
The NIST National Vulnerability Database describes the vulnerability as.
1. Critical 9.8 (CVVS Ver 3)
2. High 10 (CVVS Ver 2)
Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug via shell metacharacters in the /api/1.0/rest/language_configuration language parameter. It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands