So I scanned my device (MyBook Live 2TB with newest firmware) with Nessus and one of the plugins actually found a serious security flaw.

There is a web server running on port 49152 with root credentials. It can be tricked into showing any file on the device including /etc/passwd and /etc/shadow to anyone in the network.

Go ahead and try it out on your own device: http://mybooklive:49152//etc/shadow

The application in question is located at /usr/local/bin/upnp_nas_device/.

Is there any way to fix this?

Also with the new firmware ( 01.03.03 ) the issue is still present.

Nice catch. I'm not sure the application in question is /usr/local/bin/upnp_nas_device, as deleting it doesn't close the hole. Stopping apache doesn't close the hole either.

49152 is the first dynamic port, so google isn't going to tell me what's likely to be running on it. Removed startup script for upnp_device and it doesn't seem to have broken anything, but the hole remains open.

No further ideas

edit: Well, that was thick. The port is closed, but iceweasel kept the file in cache, and consequently I didn't notice when it shut. I think that the following will close this hole, but I'd appreciate someone checking as I spent a while playing with nmap and changing services before remembering cache exists.

mv /usr/local/bin/upnp_nas_device /root/ #move the offending file to /root
mv /etc/init.d/upnp_nas /root/ #move the offending startup script to /root
update-rc.d upnp_nas remove #kill all references to the script
reboot

So, does anyone know what the binary was supposed to be doing? Mediatomb has survived this abuse, as has samba.
Edit: I started a new thread on the WD community forums. Link. In case it goes the way of the previous one,

That IS the DLNA interface. And that's a MAJOR bug.

According to Tony and Laura of WD community, this hole is closed in the 01.04.06 update. I have not confirmed this, but I believe them.