ID

VAR-202005-0339


CVE

CVE-2020-12427


TITLE

Cross-site request forgery vulnerability in the Western Digital WD Discovery application for MyCloud Home

Trust: 0.8

sources: JVNDB: JVNDB-2020-005409

DESCRIPTION

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space, which may put the device into a denial-of-service (DoS) state. Western Digital MyCloud Home is a personal storage device from Western Digital. Western Digital WD Discovery is a remote connection management tool for Western Digital personal storage devices. Attackers can use this vulnerability to obtain data, modify the contents of the disk, or exhaust disk space, among other hazards.

Trust: 2.25

sources: NVD: CVE-2020-12427 // JVNDB: JVNDB-2020-005409 // CNVD: CNVD-2021-25951 // VULMON: CVE-2020-12427

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-25951

AFFECTED PRODUCTS

vendor: westerndigital, model: wd discovery, scope: lt, version: 3.8.229

Trust: 1.0

vendor: western digital, model: wd discovery, scope: eq, version: 3.8.229

Trust: 0.8

vendor: western, model: digital western digital wd discovery, scope: lt, version: 3.8.229

Trust: 0.6

vendor: westerndigital, model: wd discovery, scope: eq, version: 2.12.127

Trust: 0.1

sources: CNVD: CNVD-2021-25951 // VULMON: CVE-2020-12427 // JVNDB: JVNDB-2020-005409 // NVD: CVE-2020-12427

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12427
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005409
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-25951
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202005-716
value: HIGH

Trust: 0.6

VULMON: CVE-2020-12427
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12427
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005409
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-25951
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12427
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005409
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-25951 // VULMON: CVE-2020-12427 // JVNDB: JVNDB-2020-005409 // CNNVD: CNNVD-202005-716 // NVD: CVE-2020-12427

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2020-005409 // NVD: CVE-2020-12427

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-716

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202005-716

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005409

PATCH

title: SOFTWARE & DOWNLOADS, url: https://support.wdc.com/downloads.aspx?g=907&lang=en

Trust: 0.8

title: WDC-20004, url: https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf

Trust: 0.8

title: Western Digital Western Digital WD Discovery cross-site request forgery vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/256756

Trust: 0.6

title: Western Digital MyCloud Home Western Digital WD Discovery Fixes for cross-site request forgery vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118942

Trust: 0.6

sources: CNVD: CNVD-2021-25951 // JVNDB: JVNDB-2020-005409 // CNNVD: CNNVD-202005-716

EXTERNAL IDS

db: NVD, id: CVE-2020-12427

Trust: 3.1

db: JVNDB, id: JVNDB-2020-005409

Trust: 0.8

db: CNVD, id: CNVD-2021-25951

Trust: 0.6

db: CNNVD, id: CNNVD-202005-716

Trust: 0.6

db: VULMON, id: CVE-2020-12427

Trust: 0.1

sources: CNVD: CNVD-2021-25951 // VULMON: CVE-2020-12427 // JVNDB: JVNDB-2020-005409 // CNNVD: CNNVD-202005-716 // NVD: CVE-2020-12427

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-12427

Trust: 2.0

url:https://support.wdc.com/downloads.aspx?g=907&lang=en

Trust: 1.7

url:https://www.westerndigital.com/support/productsecurity/wdc-20004-wd-discovery-cross-site-request-forgery-csrf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12427

Trust: 0.8

url:https://payatu.com/blog/munawwar/trendnet-wireless-camera-buffer-overflow-vulnerability

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-25951 // VULMON: CVE-2020-12427 // JVNDB: JVNDB-2020-005409 // CNNVD: CNNVD-202005-716 // NVD: CVE-2020-12427

SOURCES

db: CNVD, id: CNVD-2021-25951
db: VULMON, id: CVE-2020-12427
db: JVNDB, id: JVNDB-2020-005409
db: CNNVD, id: CNNVD-202005-716
db: NVD, id: CVE-2020-12427

LAST UPDATE DATE

2024-11-23T22:05:38.591000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-25951, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2020-12427, date: 2020-05-15T00:00:00
db: JVNDB, id: JVNDB-2020-005409, date: 2020-06-12T00:00:00
db: CNNVD, id: CNNVD-202005-716, date: 2020-05-22T00:00:00
db: NVD, id: CVE-2020-12427, date: 2024-11-21T04:59:42.470

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-25951, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2020-12427, date: 2020-05-13T00:00:00
db: JVNDB, id: JVNDB-2020-005409, date: 2020-06-12T00:00:00
db: CNNVD, id: CNNVD-202005-716, date: 2020-05-13T00:00:00
db: NVD, id: CVE-2020-12427, date: 2020-05-13T15:15:11.527