Hi! I have WD My Cloud 3TB. The firmware is up-to-date (version: 04.05.00-315). Unfortunately, AVAST Mac Security 2016 after scanning my home network Wi-Fi indicates that WD My Clouds contains a vulnerabilities CVE-2012-5958. Because of this, my WD is vulnerable to hacker attacks. What should I do in this situation?
Any device connected to the internet is potentially vulnerable to hacker attacks not just the My Cloud. If you are concerned about the potential of a hacker compromising your My Cloud then disable remote access through the My Cloud Dashboard.
With remote access disabled one would typically have to gain access to your network (or infect a computer on the network) to potentially gain access to the My Cloud.
However, with earlier firmware everything was fine. Then, after scanning my home Wi-Fi network there were no vulnerabilities in WD My Cloud. I think the new current firmware contains a security hole 
Or its possible the Avast program didn’t include CVE-2012-5958 vulnerability until recently.
In any case the issue remains the same. You can build your own firmware and include any security updates yourself by using the GPL firmware WD has available for the single bay My Cloud units. You can wait for WD to, maybe, fix the various security vulnerabilities that exist in the firmware at some time in the near or distant future. You can disable remote access in the My Cloud Dashboard so the CVE-2012-5958 vulnerability (if it exists in the current firmware) would (one assumes) only be an issue if someone hacked your local wired or WiFi network. You can further harden your local network by blocking access to the My Cloud to only select devices. Or you can unplug the My Cloud entirely. Choice is yours.
1 Like
