CVE-2020-10951 — UI Misrepresentation / Clickjacking in MY Cloud Home

Severity

4.7MEDIUMNVD

EPSS

0.2%

top 51.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 15

Latest updateMay 24

Description

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

GHSA

GHSA-g48c-wq65-9whh: Western Digital My Cloud Home and ibi devices before 2↗2022-05-24

▶

CVEList

CVE-2020-10951: Western Digital My Cloud Home and ibi devices before 2↗2020-04-15

▶