Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Misconfiguration in node.js causing a code execution in WD Discovery
Vulnerability Description
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Western Digital Discovery 安全漏洞
Vulnerability Description
Western Digital Discovery(WD Discovery)是美国西部数据(Western Digital)公司的一款用于Western Digital个人存储设备的远程连接管理工具。 Western Digital Discovery 5.0.589之前版本存在安全漏洞,该漏洞源于存在配置错误,可能允许通过使用环境变量来执行代码。
CVSS Information
N/A
Vulnerability Type
N/A