A vulnerability in Western Digital My Cloud network-attached storage (NAS) allows an attacker to bypass authentication and take control of the device with administrator permissions. The security bug, which received the identification number CVE-2018-17153 on Tuesday, was discovered by security researcher Remco Vermeulen at Securify on April 9, 2017, and reported to Western Digital the next day. The problem is not limited to this model, though, because My Cloud products share the same code. Western Digital says they are in the final stage of preparing a firmware update that will address the vulnerability.
Source: https://www.bleepingcomputer.com/news/security/my-cloud-nas-devices-vulnerable-to-auth-bypass-for-over-a-year/