Exactly, that’s why i had pointed out in my initial post that my observations are from a MyCloud Mirror 1st Gen:
and that it might be possible that other models / generations are affected as well by those known / existing vulnerabilities:
And most stuff on the https://www.exploitee.rs wiki page seems to have been tested on a MyCloud EX2 but the MyCloud Mirror 1st Gen was affected by all vulnerabilities as well.
As the MyCloud Mirror Changelog is containing notes about fixed vulnerabilities, where not all known are fixed as shown above this might apply for the plain MyClouds as well. Thus i assume that the Changelogs can’t be trusted fully.
So if you’re on a MyCloud (which you’re obviously are based on this forum) you can verify the two posted vulnerabilities against your device. And if the device is still vulnerable the posts are fitting here (in the “Latest firmware still vulnerable thread”) as well.