Vulnerabilities > CVE-2021-44596 - Unspecified vulnerability in Wondershare Dr.Fone 20211206

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wondershare

critical

NVD

Published: 2022-04-29

Updated: 2023-11-07

Summary

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Vulnerable Configurations

Part	Description	Count
Application	Wondershare Wondershare Dr.Fone 2021-12-06	1

References

http://dr.com
http://wondershare.com
http://packetstormsecurity.com/files/167035/Wondershare-Dr.Fone-12.0.7-Privilege-Escalation.html
https://medium.com/%40tomerp_77017/wondershell-a82372914f26