As standard practice, we encourage customers to contact our technical support team should they have questions about or need help with maintaining their Western Digital products.
Recently, security researcher Securify published an authentication bypass vulnerability for our My Cloud products (My Cloud Home is exempt from the vulnerability). We are in the process of finalizing a scheduled firmware update that will resolve the reported issue. We expect to post the update on our technical support site at https://support.wdc.com/ within a few weeks.
In this case, the vulnerability requires an attacker to already have access to a My Cloud owner’s local network or the My Cloud owner would have had to change factory settings in Dashboard Cloud Access allowing additional remote access to the My Cloud device. We urge customers to implement sound data protection practices such as password protection, including properly securing their routers, as well as regular data backups. As a reminder, we also urge customers to ensure the firmware on their products is always up to date; enabling automatic updates is recommended.
Models with Dashboard Cloud Access:
My Cloud EX2
My Cloud EX4
My Cloud EX2100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud DL2100
My Cloud DL4100
My Cloud PR2100
My Cloud PR4100
My Cloud Mirror
My Cloud Mirror Gen 2
Dashboard Cloud Access: The Dashboard Cloud Access feature is available under Settings->General->Cloud Access.
Port Forwarding: Port forwarding of HTTP connections should be disabled on the My Cloud device and the router. On My Cloud devices the port-forwarding feature is available under Settings->Network->Port Forwarding and can be used only if the connected router supports uPnP.
Western Digital works continuously to improve the capability and security of our products, including with the security research community to address issues they may uncover. We encourage responsible disclosure by customers and researchers to ensure our customers are protected while we address valid vulnerabilities.