WD MyCloud Mirror Gen 2: Affected?

Continuing the discussion from New Release - My Cloud Mirror Firmware Release 2.11.163 (3/20/2017):

I abstain from commenting on the quality of WD’s responses to this and previous bugs in their My Cloud platform.

I only have a simple question: If WD MyCloud Mirror Gen2 is also affected (which exploits.rs indicates) then what download is one supposed for that machine?

In the linked article with the release numbers the version number for that system is lower than the last release from Gen 2 in December (which was 2.21.126 vs what is offered here ie. 2.11.163).

If the guys at WD are already confused handling their release numberings then I should not be surprised be the shocking number of software bugs …

You probably didn’t see the edit I added to the original announcement I made in the “My Cloud “Login Bypass” Vulnerability (3/7/17)” topic, but here it is below. There is no mistake in the firmware versions. Your update is on the way.

Does WD have any kind of ETA on when the patch for the My Cloud Gen2 will be released?


It is over a month now, I would like to know when you will release the security update for the MyCloud Mirror Gen2 removing the reported bug? My cloud is now offline since then and it would be nice to know when I can make use of the equipment?
It is a nuisssance that I had to stop using the Z-Way for my Smarthome and invest in a dedicated server because your system is not reliable enough. Now having lost already close to 10% availability of the MyCloud cloud in 2017 is not worthy of a manufacturer of your standing …

At this point, its probably just worth dumping any WD NAS products and starting over with another products from a company that takes data security seriously. WD has shown no willingness to communicate with customers about impacted products, clearly doesn’t take security or the safety of it’s customer’s data seriously, and nothing about the latest incident suggests that will change. It’s now been 3 months since they were first contacted about the issue, and a month and a half since it was publicly revealed and still nothing.