Tsplus Remote Access vulnerabilities
3 known vulnerabilities affecting tsplus/tsplus_remote_access.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-31067P2CRITICALCVSS 9.8PoC≤ 16.0.2.142023-09-11
CVE-2023-31067 [CRITICAL] CWE-276 CVE-2023-31067: An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permission
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
nvd
CVE-2025-26318P3MEDIUMCVSS 5.8fixed in 17.302025-03-04
CVE-2025-26318 [MEDIUM] CWE-201 CVE-2025-26318: hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.
nvd
CVE-2025-5922P4MEDIUMCVSS 4.8fixed in v18.40.6.17fixed in v17.2025.6.27+1 more2025-07-29
CVE-2025-5922 [MEDIUM] CWE-522 CVE-2025-5922: Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" opti
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted.
LTS (
nvd