November last year three vulnerabilities with the CVEs CVE-2019-18929, CVE-2019-18930 and CVE-2019-18931 with a severity of HIGH and a CVSS score ranging between 8.8 and 9.0 have been published in public for the EX2 Ultra firmware versions 2.31.183 and 2.31.195:
Thank you for reporting your findings. WD takes the safe and secure use of our products seriously.
Please note that we have a Product Security Support Process which is the best way to ensure we are aware of a potential security issue. We have forwarded this message to the PSIRT for review.
It seems the description.txt available in the linked github repositories of the Researcher contains the following text so your PSIRT might be already aware / informed about this:
[Has vendor confirmed or acknowledged the vulnerability?]
Thank you! Both My Cloud ex2 ultra systems say that they cannot connect to update service (it worked flawless in the past, and I introduced no significant changes in my network devices or settings). And I could not find this new version with Google.
Kind regards, Maurice.