Search criteria
5 vulnerabilities found for WD Discovery by Western Digital
CVE-2024-22169 (GCVE-0-2024-22169)
Vulnerability from cvelistv5 – Published: 2024-08-02 18:31 – Updated: 2024-08-05 18:55
VLAI?
Title
Misconfiguration in node.js causing a code execution in WD Discovery
Summary
WD Discovery
versions prior to 5.0.589 contain a misconfiguration in the Node.js environment
settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable.
Any malicious application operating with standard user permissions can exploit
this vulnerability, enabling code execution within WD Discovery application's
context. WD Discovery version 5.0.589 addresses this issue by disabling certain
features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
0 , < 5.0.589
(custom)
|
Credits
Western Digital would like to thank YoKo Kho, Fahad Alamri, and AbdulKarim from HakTrak Cybersecurity Squad for reporting this issue
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:westerndigital:wd_discovery:-:*:*:*:*:mac_os:*:*"
],
"defaultStatus": "unknown",
"product": "wd_discovery",
"vendor": "westerndigital",
"versions": [
{
"lessThan": "5.0.589",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T18:52:00.824388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:55:48.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "5.0.589",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Western Digital would like to thank YoKo Kho, Fahad Alamri, and AbdulKarim from HakTrak Cybersecurity Squad for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWD Discovery\nversions prior to 5.0.589 contain a misconfiguration in the Node.js environment\nsettings that could allow code execution by utilizing the \u0027\u003cspan style=\"background-color: var(--wht);\"\u003eELECTRON_RUN_AS_NODE\u0027\u0026nbsp;\u003c/span\u003eenvironment variable.\nAny malicious application operating with standard user permissions can exploit\nthis vulnerability, enabling code execution within WD Discovery application\u0027s\ncontext. WD Discovery version 5.0.589 addresses this issue by disabling certain\nfeatures and fuses in Electron.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThe attack vector for this issue requires the victim to have the WD Discovery app installed on their\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003edevice.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\n\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "WD Discovery\nversions prior to 5.0.589 contain a misconfiguration in the Node.js environment\nsettings that could allow code execution by utilizing the \u0027ELECTRON_RUN_AS_NODE\u0027\u00a0environment variable.\nAny malicious application operating with standard user permissions can exploit\nthis vulnerability, enabling code execution within WD Discovery application\u0027s\ncontext. WD Discovery version 5.0.589 addresses this issue by disabling certain\nfeatures and fuses in Electron.\u00a0The attack vector for this issue requires the victim to have the WD Discovery app installed on their\u00a0device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:11.324Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24004-wd-discovery-desktop-app-version-5-0-589"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers can\ndownload the latest version from the WD Discovery Downloads page or by\nfollowing the instructions on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support-en.wd.com/app/answers/detailweb/a_id/20465\"\u003eWD Discovery: Online User Guide\u003c/a\u003e\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Users can\ndownload the latest version from the WD Discovery Downloads page or by\nfollowing the instructions on the WD Discovery: Online User Guide https://support-en.wd.com/app/answers/detailweb/a_id/20465"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Misconfiguration in node.js causing a code execution in WD Discovery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2024-22169",
"datePublished": "2024-08-02T18:31:11.324Z",
"dateReserved": "2024-01-05T18:43:18.488Z",
"dateUpdated": "2024-08-05T18:55:48.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29835 (GCVE-0-2022-29835)
Vulnerability from cvelistv5 – Published: 2022-09-19 19:43 – Updated: 2024-08-03 06:33
VLAI?
Title
WD Discovery's Use of Weak Hashing Algorithm for Code Signing
Summary
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
Severity ?
5.3 (Medium)
CWE
- CWE-328 - Reversible One-Way Hash
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
WD Discovery Desktop App , < 4.4.396
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Reversible One-Way Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:43:53",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"solutions": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-29835",
"STATE": "PUBLIC",
"TITLE": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WD Discovery",
"version": {
"version_data": [
{
"platform": "Mac",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
}
]
}
}
]
},
"vendor_name": "Western Digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Reversible One-Way Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-29835",
"datePublished": "2022-09-19T19:43:53",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22169 (GCVE-0-2024-22169)
Vulnerability from nvd – Published: 2024-08-02 18:31 – Updated: 2024-08-05 18:55
VLAI?
Title
Misconfiguration in node.js causing a code execution in WD Discovery
Summary
WD Discovery
versions prior to 5.0.589 contain a misconfiguration in the Node.js environment
settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable.
Any malicious application operating with standard user permissions can exploit
this vulnerability, enabling code execution within WD Discovery application's
context. WD Discovery version 5.0.589 addresses this issue by disabling certain
features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
0 , < 5.0.589
(custom)
|
Credits
Western Digital would like to thank YoKo Kho, Fahad Alamri, and AbdulKarim from HakTrak Cybersecurity Squad for reporting this issue
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:westerndigital:wd_discovery:-:*:*:*:*:mac_os:*:*"
],
"defaultStatus": "unknown",
"product": "wd_discovery",
"vendor": "westerndigital",
"versions": [
{
"lessThan": "5.0.589",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T18:52:00.824388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T18:55:48.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "5.0.589",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Western Digital would like to thank YoKo Kho, Fahad Alamri, and AbdulKarim from HakTrak Cybersecurity Squad for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWD Discovery\nversions prior to 5.0.589 contain a misconfiguration in the Node.js environment\nsettings that could allow code execution by utilizing the \u0027\u003cspan style=\"background-color: var(--wht);\"\u003eELECTRON_RUN_AS_NODE\u0027\u0026nbsp;\u003c/span\u003eenvironment variable.\nAny malicious application operating with standard user permissions can exploit\nthis vulnerability, enabling code execution within WD Discovery application\u0027s\ncontext. WD Discovery version 5.0.589 addresses this issue by disabling certain\nfeatures and fuses in Electron.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThe attack vector for this issue requires the victim to have the WD Discovery app installed on their\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003edevice.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e\n\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "WD Discovery\nversions prior to 5.0.589 contain a misconfiguration in the Node.js environment\nsettings that could allow code execution by utilizing the \u0027ELECTRON_RUN_AS_NODE\u0027\u00a0environment variable.\nAny malicious application operating with standard user permissions can exploit\nthis vulnerability, enabling code execution within WD Discovery application\u0027s\ncontext. WD Discovery version 5.0.589 addresses this issue by disabling certain\nfeatures and fuses in Electron.\u00a0The attack vector for this issue requires the victim to have the WD Discovery app installed on their\u00a0device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:11.324Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-24004-wd-discovery-desktop-app-version-5-0-589"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers can\ndownload the latest version from the WD Discovery Downloads page or by\nfollowing the instructions on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support-en.wd.com/app/answers/detailweb/a_id/20465\"\u003eWD Discovery: Online User Guide\u003c/a\u003e\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Users can\ndownload the latest version from the WD Discovery Downloads page or by\nfollowing the instructions on the WD Discovery: Online User Guide https://support-en.wd.com/app/answers/detailweb/a_id/20465"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Misconfiguration in node.js causing a code execution in WD Discovery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2024-22169",
"datePublished": "2024-08-02T18:31:11.324Z",
"dateReserved": "2024-01-05T18:43:18.488Z",
"dateUpdated": "2024-08-05T18:55:48.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29835 (GCVE-0-2022-29835)
Vulnerability from nvd – Published: 2022-09-19 19:43 – Updated: 2024-08-03 06:33
VLAI?
Title
WD Discovery's Use of Weak Hashing Algorithm for Code Signing
Summary
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
Severity ?
5.3 (Medium)
CWE
- CWE-328 - Reversible One-Way Hash
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Western Digital | WD Discovery |
Affected:
WD Discovery Desktop App , < 4.4.396
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Mac"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "WD Discovery",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "4.4.396",
"status": "affected",
"version": "WD Discovery Desktop App",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Reversible One-Way Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T19:43:53",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
],
"solutions": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@wdc.com",
"ID": "CVE-2022-29835",
"STATE": "PUBLIC",
"TITLE": "WD Discovery\u0027s Use of Weak Hashing Algorithm for Code Signing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WD Discovery",
"version": {
"version_data": [
{
"platform": "Mac",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
},
{
"platform": "Windows",
"version_affected": "\u003c",
"version_name": "WD Discovery Desktop App",
"version_value": "4.4.396"
}
]
}
}
]
},
"vendor_name": "Western Digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-328 Reversible One-Way Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396",
"refsource": "MISC",
"url": "https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294\u0026lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]. "
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2022-29835",
"datePublished": "2022-09-19T19:43:53",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202005-0339
Vulnerability from variot - Updated: 2023-12-18 13:12The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. (DoS) It may be put into a state. Western Digital MyCloud Home is a personal storage device from Western Digital. Western Digital WD Discovery is a remote connection management tool for Western Digital personal storage devices. Attackers can use this vulnerability to obtain data, modify the contents of the disk, or run out of disk space and other hazards
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wd discovery",
"scope": "lt",
"trust": 1.0,
"vendor": "westerndigital",
"version": "3.8.229"
},
{
"model": "wd discovery",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "3.8.229"
},
{
"model": "digital western digital wd discovery",
"scope": "lt",
"trust": 0.6,
"vendor": "western",
"version": "3.8.229"
},
{
"model": "wd discovery",
"scope": "eq",
"trust": 0.1,
"vendor": "westerndigital",
"version": "2.12.127"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:westerndigital:wd_discovery:*:*:*:*:*:my_cloud_home:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.229",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12427"
}
]
},
"cve": "CVE-2020-12427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-005409",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-25951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-12427",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-005409",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-12427",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005409",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-25951",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-716",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-12427",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. (DoS) It may be put into a state. Western Digital MyCloud Home is a personal storage device from Western Digital. Western Digital WD Discovery is a remote connection management tool for Western Digital personal storage devices. Attackers can use this vulnerability to obtain data, modify the contents of the disk, or run out of disk space and other hazards",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-12427",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-25951",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-12427",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"id": "VAR-202005-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
}
]
},
"last_update_date": "2023-12-18T13:12:58.947000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SOFTWARE \u0026 DOWNLOADS",
"trust": 0.8,
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"title": "WDC-20004",
"trust": 0.8,
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
},
{
"title": "Western Digital Western Digital WD Discovery cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/256756"
},
{
"title": "Western Digital MyCloud Home Western Digital WD Discovery Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=118942"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12427"
},
{
"trust": 1.7,
"url": "https://support.wdc.com/downloads.aspx?g=907\u0026lang=en"
},
{
"trust": 1.7,
"url": "https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12427"
},
{
"trust": 0.8,
"url": "https://payatu.com/blog/munawwar/trendnet-wireless-camera-buffer-overflow-vulnerability"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"date": "2020-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"date": "2020-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"date": "2020-05-13T15:15:11.527000",
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"date": "2020-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-25951"
},
{
"date": "2020-05-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-12427"
},
{
"date": "2020-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005409"
},
{
"date": "2021-09-08T17:22:44.410000",
"db": "NVD",
"id": "CVE-2020-12427"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MyCloud Home for Western Digital WD Discovery Cross-site request forgery vulnerability in application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-716"
}
],
"trust": 0.6
}
}