Bit more on this. From the Recommended Security Measures for WD My Book Live and WD My Book Live Duo posting by WD:
We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device.
And from an earlier WD posting, Recommended Upgrade to My Cloud OS 5 they state the following with respect to security updates on OS3 firmware.
We will not provide any further security updates to the My Cloud OS3 firmware. We strongly encourage moving to the My Cloud OS5 firmware. If your device is not eligible for upgrade to My Cloud OS 5, we recommend that you upgrade to one of our other My Cloud offerings that support My Cloud OS 5. More information can be found here: WD My Cloud OS 5 Mobile App and Desktop Web Access | Western Digital
First gen single bay My Cloud users are basically out of luck since they cannot update their units to OS5 firmware. This leaves first gen users several options IF the v4.x firmware is affected by CVE-2018-1842 or similar CVE’s that can allow root access to the firmware/device. At the very least, block broadband access to the first gen My Cloud, this includes disabling Cloud Access and FTP access. Of course this cripples a core “feature” of the device, remote access/cloud access. Load a different OS to the first gen My Cloud, one which either isn’t affected by this or other similar CVE’s or which is continuing to have it’s OS code updated.
Clean OS (Debian), OpenMediaVault and other “firmwares”
https://community.wd.com/t/clean-os-debian-openmediavault-and-other-firmwares/93714
If after blocking broadband access to one’s My Cloud they still need remote access to the unit, one option for users is to use VPN to access their local network and the My Cloud on that network. There are a number of free and paid VPN servers one can setup on their local network to gain secure remote access to their My Cloud.
