Patched. Since original post. Dont drink miller lite and post on the forum unless your gonna share right?
@brannonb This sub-forum is for the WD MY CLOUD 
. I own two and haven’t had any problems.
Posted WHAT info over a month ago to a security team?
It would help if you added some specific information to your post and to which My Cloud model/firmware version to provide context to your complaint and reason for taking devices off line. Otherwise we end users are simply looking at your vague post for what it is, just another complaint by another user with no supporting information. You provide no reason other than your opinion as why others should take their My Clouds offline.
Is your issue related to remote access? Local access? Some other issue? What is the specific security issue?
I agree - - - some additional info would be nice.
However. . . The EX2 and MyClouds use very, very similar firmware. There have been security issues in the past.
MOST people would not see problems with this. . .and MOST people don’t expose these devices to the internet; except maybe through the MyCloud servers. . .which represents a lower security threat of a different nature.
I don’t expose these machines to the internet directly.
I
True. The v2.x firmware My Cloud unit’s firmware is similar with certain feature/options disabled on certain My Cloud models.
However, the v4.x firmware for the first gen single bay My Cloud is different. As such there are security vulnerabilities that may affect the 2.x firmware units that do not affect the 4.x firmware and vise versa.
Without knowing the exact security vulnerability its hard to say if its an issue users should take seriously and turn off or lock down their My Cloud’s, or one to be aware of and continue on as normal and wait for WD to maybe get around to fixing it.
Unless the security issue is related to being accessed remotely and injecting the vulnerability code through that remote access, most other methods of code injection/modification would rely on local network access or local network device being compromised.
Ah - I was unaware of that difference. Thanks for the feedback.
I must have 2.x firmware Mycloud. . . I also have a EX2 Ultra. . . and MyPassport Wireless. The interfaces on all of these units are all have striking similarities.
From what I have seen, and how they interact with both HTTPS and the WDcloud. . . it just doesn’t seem like the cyber protections on these devices is very strong.
At this point, I would love to buy a 10TB MyCloud with shiny new firmware. A shame that WD went to the functionally compromised MyCloudHome platform.
The v4.x Dashboard is similar to the newer v2.x firmware with the exception of a few elements. The underlying difference is the use of busybox on the v2.x firmware. The older v4.x units use a stripped down version of Debain.
As much as I liked the single bay My Cloud for it’s simplicity, because of the various issues I’ve had with the firmware over the years, I decided to spend the money and move up to using Synology. Light years better experience. I’ve also moved to using a VPN server rather than WD various methods of remote access. Didn’t like the fact that when WD had back end issues remote access to the My Cloud would stop working.
No way was I going to update to the My Cloud Home. That unit is a downgrade compared to even the old first gen My Cloud that I’m using now. LOL
While I don’t have the same knowledge of the details as you have. . . . I think I have reached similar conclusions.
For me, I have now abandoned remote access to the WD drives in favor of simply “taking the data with me” on small external drives. Part of it is the WD software. . .part of it was the realization that I needed to upgrade my internet $ervice if I was going to seriously stream from my NAS box’s.
I will continue to use the WD NAS devices I have. . .because they are serving well for basic NAS functionality. No regrets about buying these units. But when (not if) I upgrade. . .Synology is on top of the list.
My Apologies, Under the NDA I signed with WD, I cannot disclose any details. My sincere apologies for trying to hype up a 3 year old vuln (thats been patched since then)…
