GCVE - cpe:2.3:a:western_digital:wd_discovery:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:western_digital:wd_discovery:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Western Digital (`8fa4e68f-591c-5d63-a691-dbe27a4f8690`)
Product	Wd Discovery (`ba5f1fe5-b011-58cd-bdd7-f216a2f3566f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-30248`	vulnerable	2026-06-03 15:00:27.593715	Details available DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path. Published: 2026-01-26T22:47:58.624Z Updated: 2026-01-27T21:33:27.911Z Open on db.gcve.eu Reference links https://www.westerndigital.com/support/product-security/wdc-25008-wd-discovery-desktop-app-version-5-3	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22169`	vulnerable	2026-06-03 14:54:59.923425	Misconfiguration in node.js causing a code execution in WD Discovery WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device. Published: 2024-08-02T18:31:11.324Z Updated: 2024-08-05T18:55:48.270Z Open on db.gcve.eu Reference links https://www.westerndigital.com/support/product-security/wdc-24004-wd-discovery-desktop-app-version-5-0-589	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-29835`	vulnerable	2026-06-03 14:46:58.974266	WD Discovery's Use of Weak Hashing Algorithm for Code Signing MEDIUM (5.3) WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows. Published: 2022-09-19T19:43:53.000Z Updated: 2024-08-03T06:33:42.851Z Open on db.gcve.eu Reference links https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.