Dr.fone

dr.fone

Vendor: Wondershare • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-50901 1Wondershare 1Dr.fone Jan 28, 2026 Jan 13, 2026 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (...Show more Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.Show less
CVE-2022-50900 1Wondershare 1Dr.fone Jan 28, 2026 Jan 13, 2026 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to inser...Show more Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.Show less
CVE-2023-29835 1Wondershare 1Dr.fone Feb 3, 2025 Apr 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
CVE-2023-27767 1Wondershare 1Dr.fone Feb 13, 2025 Apr 4, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.
CVE-2023-27010 1Wondershare 1Dr.fone Mar 3, 2025 Mar 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
CVE-2021-44596 1Wondershare 1Dr.fone Nov 21, 2024 Apr 29, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the servic...Show more Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privilegesShow less
CVE-2021-44595 1Wondershare 1Dr.fone Nov 21, 2024 Apr 29, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validatio...Show more Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.Show less
CVE-2020-27992 1Wondershare 1Dr.fone Nov 21, 2024 Nov 2, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.