PT-2024-5724 · Western Digital · Wd Discovery

Abdulkarim +2 · Published 2024-08-02 · Updated 2024-09-12 · CVE-2024-22169

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WD Discovery versions prior to 5.0.589

Description

The issue is a misconfiguration in the Node.js environment settings of WD Discovery that could allow code execution through the ELECTRON_RUN_AS_NODE environment variable. Any malicious application running with standard user permissions can exploit this to execute code in the context of the WD Discovery application. The attack requires the victim to have the WD Discovery app installed on their device.

Recommendations

For versions prior to 5.0.589, update to version 5.0.589, which addresses this issue by disabling certain features and fuses in Electron. As a temporary workaround, consider restricting access to the ELECTRON_RUN_AS_NODE environment variable to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-06437
CVE-2024-22169

Affected Products

Wd Discovery