Description

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within the WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.

INFO

Published Date: 2024-08-02T18:31:11.324Z
Last Modified: 2024-08-05T18:55:48.270Z
Source: WDC PSIRT

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-22169 vulnerability.

Vendor: Westerndigital
Product: Wd Discovery

CVSS Vulnerability Scoring System

Chart metrics (values not shown): Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability