If you are a proud owner of a WD My Cloud NAS device, it's time to pay attention. The company's My Cloud NAS devices have been found vulnerable to remote hacking via the Internet and can potentially allow hackers to get access to your account and even upload files without permission.
Although the login bypass bug has been fixed by the company with a software update, Exploitee.rs claims the fix introduced another bug. This, along with other security flaws have been published by the Exploitee.rs team even before they have been patched supposedly to force Western Digital into taking action.
The devices in question regarding the security flaws include WD My Cloud Gen 2, My Cloud Mirror, My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX2, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, and My Cloud DL4100.
Exploitee.rs says that usually the team works with the vendors to ensure that the fixes are released properly for the flaws, however, Western Digital's "reputation within the community" made the team publish the flaws to public right away. The team says that as WD has developed a reputation for ignoring the severity of the bugs reported to it, they are trying to "alert the community of the flaws" so that users can limit access of their WD My Cloud devices to the Internet as much as possible.