This discussion seems to have degenerated off into several tangents covering a variety of separate issues.
Yes this support forum layout is not ideal due in part to how WD has named their products. It has been a common complaint for years that WD is causing confusion with their product and firmware naming structure. WD should have a general thread for general discussions covering all of the My Cloud devices but they do not appear to have one. Many people erroneously come into this subforum thinking its a general forum to discuss issues with multi bay My Cloud units when technically its not.
With respect to the Meltdown and Spectre vulnerability. If the My Cloud processor is affected then the Meltdown and Spectre vulnerability are an issue even if one needs direct access to the device to issue the commands to exploit that specific vulnerability. The My Cloud line uses a number of different processors. Don’t know if there is a specific listing of what processors are affected by Meltdown and Spectre other than general listings like this one listing Intel processors:
WD typically doesn’t comment on specific security issues in these subforums other than to say they are looking into it, or to contact them directly, or that they’ve issued a firmware update to address the issue. There are valid reasons to not do so from a business standpoint just as there are valid reasons to inform one’s customers to specific vulnerabilities and how to mitigate them.
Right now there is a lot of hype, speculation, and potential fear mongering (not necessarily by anyone here) being spread on the Meltdown and Spectre and the various specific vulnerabilities of the My Cloud firmware.
Are these vulnerabilities serious? Yes. Should we My Cloud users be concerned about them? Yes. Should WD fix them ASAP? Yes. Should we toss out our My Cloud’s or not buy them because of these vulnerabilities? That is open to debate and everyone has their own opinion. It is important to remember that for most if not all these vulnerabilities it will require direct access to the My Cloud on the local network or for the user to visit a website that has been compromised with the specific malicious code that is targeting the My Cloud devices.
While I’m not diminishing the seriousness of the vulnerabilities discussed above, The reality is that the chances of a My Cloud being affected by these vulnerabilities is probably very slim for most users. If users take some basic common sense precautions (some of which has been previously discussed), the chances are significantly lessened they’ll ever be affected by these specific vulnerabilities, while we await WD to push out firmware that plugs these vulnerabilities.