Western Digital’s WD Discovery App Flaw Allows Code Execution

The Western Digital Discovery app, a smartly-identified provider of storage devices, has a vulnerability identified as CVE 2024-22169 with a CVSS erroneous ranking of seven.1 that permits for code execution.

The safety vulnerability arises due to the the Node.js atmosphere settings within the WD Discovery App. Utilizing the ELECTRON_RUN_AS_NODE atmosphere variable could perchance well enable code execution.

Specifically, the vulnerability enables code execution right thru the context of WD Discovery purposes and is seemingly to be abused by any malicious application working with frequent individual permissions.

“Any malicious application working with frequent individual permissions can exploit this vulnerability, enabling code execution right thru the WD Discovery application’s context,” the firm acknowledged.

Yoko Kho, AbdulKarim, and Fahad Alamri of the HakTrak Cybersecurity Team were notified of the region. This vulnerability affects all WD Discovery Desktop App users sooner than 5.0.589. Both Windows and macOS users are impacted by the region.

Fix Accessible

Western Digital urges users to upgrade their WD Discovery app to version 5.0.589 or higher on both Windows and Mac devices as rapidly as imaginable.

WD Discovery version 5.0.589 addresses this region by “disabling decided aspects and fuses in Electron.”

Users can download basically the most most up-to-date version from the WD Discovery Downloads web philosophize, accumulate the update mechanically, or follow the directions on the WD Discovery On-line User Handbook.