CVE-2020-15816
HIGHWesterndigital WD Discovery < 4.0.251.0 - Exposure to Wrong Actor
Title source: ruleDescription
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Scores
CVSS v3
8.8
EPSS
0.0065
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-668
Status
published
Affected Products (2)
westerndigital/wd_discovery
< 4.0.251.0
westerndigital/wd_discovery
< 4.0.251.0
Timeline
Published
Jul 17, 2020
Tracked Since
Feb 18, 2026