Insecure Permission Vulnerability in Wondershare Dr.Fone Software
CVE-2023-29835

7.8HIGH

Key Information:

Vendor: Wondershare
Status: Dr.fone
Vendor: CVE Published:; 26 April 2023

🔔 Create Wondershare Vulnerability Alert

What is CVE-2023-29835?

A vulnerability exists in Wondershare Dr.Fone, specifically in version 12.9.6, that allows attackers to escalate privileges through inadequate service permission controls. This weakness could enable unauthorized access and manipulation of the software’s functionalities, raising significant security concerns for users and organizations reliant on this tool.

References

https://github.com/IthacaLabs/Wondershare/tree/main/Dr.Fone

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2023
Vulnerability Reserved
Apr 7, 2023