Western Digital will start providing free data-recovery services in July for people whose data was wiped off their network-attached storage (NAS) devices last week. Western Digital also released new details about that zero day, which exploited the newly identified vulnerability CVE-2021-35941. Theories about why the attack involved two devastating exploits include the suggestion that rival threat actors were duking it out for control of the compromised devices, then password-protecting a new vulnerability. The company traced the unauthenticated factory reset vulnerability back to April 2011, when My Book Live underwent a refactor of authentication logic.
Source: https://threatpost.com/zero-day-wipe-my-book-live/167422/