CVE-2022-29835
MEDIUMWD Discovery < 4.4.396 - Inadequate Encryption Strength via SHA-1 Signed Executables
Title source: llmDescription
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396
Scores
CVSS v3
5.3
EPSS
0.0016
EPSS Percentile
5.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-326
CWE-328
Status
published
Products (1)
westerndigital/wd_discovery
< 4.4.396 (2 CPE variants)
Published
Sep 19, 2022
Tracked Since
Feb 18, 2026