“media drive” implies to me that this is the drive that is holding the actual media files.
If the preference is in the GUI, it can be exploited by an attacker. The precise location within the GUI doesn’t make a difference. Here is the announcement which has a link to the relevant CVE Security: Regarding CVE-2020-5741
