The latest zero-day involves an attack chain that allows an unauthenticated intruder to execute code as root and install a permanent backdoor on Western Digital NAS devices. Western Digital has said that its update My Cloud OS 5 fixed the bug. But the researchers who found the bug say OS 5 is a complete rewrite of OS 3 that skewered some popular features and functionality. As such, not all users are likely to upgrade to OS 5, as such, some users might not decide to upgrade.
Source: https://threatpost.com/rce-0-day-western-digital-users/167547/