MyCloud is a service that runs on the NAS. The exploits documented on the site you link to allow three different things:
1) Bypass login and pose as a MyCloud administrator
2) Place files anywhere on the NAS
3) Execute commands on the NAS
These exploits are limited to the NAS device itself, but as you point out, once an attacker has gained access to the NAS, he can use that as a stepping stone into your home network / your connected devices.
For example, the ability to place any file he wants on the NAS allows him to place viruses, trojans and other malware on your NAS. Once you open the affected files on your other devices, they might become infected.
Having access to the NAS itself allows an attacker to spy on your unencrypted network traffic unless your network is very well protected against various spoofing techniques. For example, if you're using a local mail program to send and receive mail and you communicate with your mail server unencrypted, an attacker can potentially read (and change) all your incoming and outgoing e-mail.
The compromised NAS does NOT give an attacker immediate direct access to data sitting on devices that simply connect to the NAS via a file-exchange protocol such as SMB, NFS, FTP in order to use network storage. However, the NAS will (most likely) have an unfiltered view of the network services running on the devices in your home network. If, for example, you're using windows and you've enabled file sharing on all computers in your home network, this service will also be visible to an attacker sitting on the NAS.
Access to the NAS also gives an attacker access to the password database of the NAS. Depending on how well passwords are protected by the NAS software, this might allow an attacker to recover your passwords, and since it's not a stretch to assume that you reuse this password elsewhere, he could gain access to other services you use.
For these reasons, I would never ever run a cloud solution of one of the consumer grade NAS providers on my home network. If you really want to do that, you should at the very least put a firewall between the NAS and the rest of your home network. While this won't help against the NAS passively infecting your other devices with trojans, it will at least make actively attacking your other devices from the NAS, and spying on your network traffic from the NAS, much harder.
The firewall can also be used to deny any connections from the NAS into the internet (except the ones needed to do file sharing), which will help against your NAS being coopted as part of a botnet.