In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jul 2021, 13:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:westerndigital:wd_discovery:*:*:*:*:*:macos:*:* |
Information
Published : 2020-07-17 20:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-15816
Mitre link : CVE-2020-15816
CVE.ORG link : CVE-2020-15816
JSON object : View
Products Affected
westerndigital
- wd_discovery
CWE
CWE-668
Exposure of Resource to Wrong Sphere