I need to report a vulnerability

I need to report a vulnerability in WD MyCloud EX2 devices. Who do I contact?

@subsonic I will PM you.

Hey. Any updates on the status? I know it may take a while, I was just wondering if there’s any feedback.


The information provided has been submitted to our security teams for analysis.
Have you a CVE number to share?

I don’t have a CVE number to share. I’m not sure if I should be reporting it for a CVE or letting WD do that and mention me in the credits. I didn’t want to report this for a CVE without coordinating with WD. I believe in responsible disclosure. My concerns are first and foremost responsible disclosure, giving WD ample time to review and fix the issue before I disclose it publicly, followed by my desire to get credit for any related CVE. Please advise on WD’s process for reporting vulnerabilities and assigning CVE’s. Thanks


My Cloud firmware 2.21.126 has been released to the field for the following products.

What’s new!

• Resolved security vulnerability related to remote access.
• Improved My Cloud Cloud connectivity across My Cloud web, mobile & client apps.

My Cloud (Single Bay 2.xx firmware)
Firmware Release 2.21.126 (12/13/2016)

My Cloud Mirror Gen2
Firmware Release 2.21.126 (12/13/2016)