WD Discovery, Cross Site Request Forgery (CSRF)
WDC Tracking Number: WDC-20004
Product Line/Web: My Cloud Home
Published: April 27, 2020
Last Updated: April 27, 2020
The WD Discovery application for My Cloud Home on Mac and Windows was vulnerable to CSRF attacks on an internal interface. This vulnerability could allow an attacker to initiate a synchronization operation between local folders and a chosen remote server.
A component of WD Discovery was vulnerable to a CSRF attack that could allow a malicious website to initiate synchronization operations. This vulnerability was addressed by using CSRF tokens with every request.
CVE Number: CVE-2020-12427