cbcvebase.

Wondershare Dr.Fone vulnerabilities

9 known vulnerabilities affecting wondershare/dr.fone.

Total CVEs
9
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH8

Vulnerabilities

Page 1 of 1
CVE-2021-44596P1CRITICALCVSS 9.8PoCv2021-12-062022-04-29
CVE-2021-44596 [CRITICAL] CVE-2021-44596: Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to softw Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and
nvd
CVE-2021-44595P2HIGHCVSS 8.8PoCv2021-12-062022-04-29
CVE-2021-44595 [HIGH] CWE-862 CVE-2021-44595: Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A no Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
nvd
CVE-2023-27010P3HIGHCVSS 7.8PoCv12.9.62023-03-13
CVE-2023-27010 [HIGH] CWE-250 CVE-2023-27010: Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. Th Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
nvd
CVE-2023-29835P3HIGHCVSS 7.8v12.9.62023-04-26
CVE-2023-29835 [HIGH] CVE-2023-29835: Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.
nvd
CVE-2025-0834P3HIGHCVSS 7.8v13.5.212025-01-30
CVE-2025-0834 [HIGH] CWE-269 CVE-2025-0834: Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulne Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically.
nvd
CVE-2022-50900P3HIGHCVSS 7.8v12.0.182026-01-13
CVE-2022-50900 [HIGH] CWE-428 CVE-2022-50900: Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.
nvd
CVE-2023-27767P3HIGHCVSS 7.8v12.4.92023-04-04
CVE-2023-27767 [HIGH] CWE-426 CVE-2023-27767: An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execut An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.
nvd
CVE-2020-27992P3HIGHCVSS 7.8v3.0.02020-11-02
CVE-2020-27992 [HIGH] CWE-732 CVE-2020-27992: Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PR Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
nvd
CVE-2022-50901P3HIGHCVSS 7.8v11.4.92026-01-13
CVE-2022-50901 [HIGH] CWE-428 CVE-2022-50901: Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
nvd
Wondershare Dr.Fone vulnerabilities | cvebase