Hackers exploited two flaws in event that remotely wiped Western Digital devices
By Jozef in Technology
Updated 3 years ago
After Western Digital My Book Live owners around the world reported that their devices were wiped remotely overnight, the company issued a statement blaming a specific vulnerability (CVE-2021-35941) for the event. An external investigation conducted by Ars Technica and Derek Abdine (CTO at security firm Censys) has revealed, however, that the bad actors exploited another undocumented vulnerability in a file aptly named system_factory_restore.