The libupnp thingy was reported few years ago for the WD MyCloud Mirror Gen1 here:
https://community.wd.com/t/security-vulnerability-cve-2016-6255-in-libupnp-allows-file-upload/176448
Even the recent firmware version 2.11.169 of the MyCloud Mirror is still vulnerable so i wouldn’t put much hope into getting a fix for this.
There is another recent flaw in Twonky where the My Cloud EX4 might be affected as well:
