CVE-2020-12427

Published: May 13, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

Affected (1)

Products: Westerndigital: Wd Discovery

Westerndigital

1 product

Wd Discovery

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Westerndigital Wd Discovery	Before 3.8.229

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://support.wdc.com/downloads.aspx?g=907&lang=en

Source: cve@mitre.org

Vendor Advisory

https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf

Source: cve@mitre.org

Vendor Advisory

https://support.wdc.com/downloads.aspx?g=907&lang=en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.