Version of Samba in mycloud vulnerable to CVE-2014-3560?

I have a 2TB MyCloud with firmware version v04.01.02-417

When I ssh into the device and run “smbd -V” the samba version is indicated to be 4.0.0rc5.

Unfortunately, 4.0.0rc5 is probably susceptible  a remote code execution vulnerability in nmbd (the netbios name server). Does WD backport security fixes? Having reviewed the available source code it does not appear to be backported, but I may be blind.

Relevant NIST entry for the CVE is here:

Okay. I’ve reviewed the source for the MyCloud firmware. The patch fixing this bug in samba was commited here:;a=commitdiff;h=fb9d8c402614556d7a36f9e9efb72b3f4afe838a.

The bug is unpatched in the current version of MyCloud firmware.


Welcome to the WD Community.

Thanks for sharing, we have passed this along to support.