CVE-2020-15816

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
westerndigitalwd_discovery
𝑥
< 4.0.251.0
westerndigitalwd_discovery
𝑥
< 4.0.251.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability
https://www.westerndigital.com/support/productsecurity/wdc-20005-wd-discovery-remote-command-execution-vulnerability