The vulnerability was discovered in 2020 by security researchers looking to take part in the Pwn2Own hacking competition. The company later released its latest version of the software, MyCloud OS 5, which made the bug obsolete.
However, Western Digital has made no statement on whether the flaw has been addressed on MyCloud OS 3 devices and instead urged customers to upgrade to My Cloud OS 5 or purchase a new My Cloud OS 5-supported device.
The researchers recommended that users of MyCloud OS 3 ensure their devices are not remotely reachable via the Internet and have also released a patch they created to address the vulnerabilities, though it needs to be reapplied every time the device is rebooted.