Search criteria
6 vulnerabilities found for wd_discovery by westerndigital
CVE-2022-29835 (GCVE-0-2022-29835)
Vulnerability from nvd – Published: 2022-09-19 19:43 – Updated: 2024-08-03 06:33
VLAI?
Title
WD Discovery's Use of Weak Hashing Algorithm for Code Signing
Summary
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
Severity ?
5.3 (Medium)
CWE
- CWE-328 - Reversible One-Way Hash
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
WD Discovery Desktop App , < 4.4.396
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Reversible One-Way Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:43:53",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"solutions": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-29835",
"STATE": "PUBLIC",
"TITLE": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WD Discovery",
"version": {
"version_data": [
{
"platform": "Mac",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
}
]
}
}
]
},
"vendor_name": "Western Digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Reversible One-Way Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-29835",
"datePublished": "2022-09-19T19:43:53",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15816 (GCVE-0-2020-15816)
Vulnerability from nvd – Published: 2020-07-17 19:16 – Updated: 2024-08-04 13:30
VLAI?
Summary
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application\u0027s process through library injection by using DYLD environment variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T19:16:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application\u0027s process through library injection by using DYLD environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15816",
"datePublished": "2020-07-17T19:16:07",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12427 (GCVE-0-2020-12427)
Vulnerability from nvd – Published: 2020-05-13 14:28 – Updated: 2024-08-04 11:56
VLAI?
Summary
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:51.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T14:28:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en",
"refsource": "MISC",
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"name": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf",
"refsource": "CONFIRM",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12427",
"datePublished": "2020-05-13T14:28:31",
"dateReserved": "2020-04-28T00:00:00",
"dateUpdated": "2024-08-04T11:56:51.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29835 (GCVE-0-2022-29835)
Vulnerability from cvelistv5 – Published: 2022-09-19 19:43 – Updated: 2024-08-03 06:33
VLAI?
Title
WD Discovery's Use of Weak Hashing Algorithm for Code Signing
Summary
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
Severity ?
5.3 (Medium)
CWE
- CWE-328 - Reversible One-Way Hash
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
WD Discovery Desktop App , < 4.4.396
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Reversible One-Way Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:43:53",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"solutions": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-29835",
"STATE": "PUBLIC",
"TITLE": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WD Discovery",
"version": {
"version_data": [
{
"platform": "Mac",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
}
]
}
}
]
},
"vendor_name": "Western Digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Reversible One-Way Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-29835",
"datePublished": "2022-09-19T19:43:53",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15816 (GCVE-0-2020-15816)
Vulnerability from cvelistv5 – Published: 2020-07-17 19:16 – Updated: 2024-08-04 13:30
VLAI?
Summary
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application\u0027s process through library injection by using DYLD environment variables."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T19:16:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application\u0027s process through library injection by using DYLD environment variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15816",
"datePublished": "2020-07-17T19:16:07",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12427 (GCVE-0-2020-12427)
Vulnerability from cvelistv5 – Published: 2020-05-13 14:28 – Updated: 2024-08-04 11:56
VLAI?
Summary
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:51.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T14:28:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en",
"refsource": "MISC",
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"name": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf",
"refsource": "CONFIRM",
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12427",
"datePublished": "2020-05-13T14:28:31",
"dateReserved": "2020-04-28T00:00:00",
"dateUpdated": "2024-08-04T11:56:51.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}