Wondershare: community verdicts
4 notable / known-exploited Wondershare CVEs the community has triaged.
- CVE-2021-44596CRIT 9.8EPSS 23%
Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges
- CVE-2021-44595HIGH 8.8EPSS 21%
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
- CVE-2023-31747HIGH 7.8Real · low riskEPSS 1%
Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.
- CVE-2023-31748HIGH 7.8Real · low riskEPSS 1%
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.