Last Updated: April 27, 2020

Description

The WD Discovery application for My Cloud Home on Mac and Windows was vulnerable to CSRF attacks on an internal interface. This vulnerability could allow an attacker to initiate a synchronization operation between local folders and a chosen remote server.

Advisory Summary

A component of WD Discovery was vulnerable to a CSRF attack that could allow a malicious website to initiate synchronization operations. This vulnerability was addressed by using CSRF tokens with every request.

CVE Number: CVE-2020-12427