Remote Code Execution Vulnerability in Wondershare Dr. Fone Software
CVE-2021-44596

9.8CRITICAL

Key Information:

Vendor

Wondershare

Status
Dr.fone
Vendor
CVE Published:
29 April 2022

What is CVE-2021-44596?

The vulnerability in Wondershare Dr. Fone allows unauthenticated users to exploit flaws in the software's design. By communicating over UDP with the 'InstallAssistService.exe' service, which operates under SYSTEM privileges, attackers can execute arbitrary code. This manipulation can occur without any authentication or validation, allowing unauthorized access to critical system controls. The issue emphasizes the need for robust security measures to prevent remote exploitation.

References

http://wondershare.com
x_refsource_MISC
http://dr.com
x_refsource_MISC
https://medium.com/%40tomerp_77017/wondershell-a82372914f26
x_refsource_MISC

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.