VYPR

Dr.Fone

by Wondershare

CVEs (6)

  • CVE-2021-44596CriApr 29, 2022
    risk 0.69cvss 9.8epss 0.23

    Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to…

  • CVE-2021-44595HigApr 29, 2022
    risk 0.62cvss 8.8epss 0.21

    Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.

  • CVE-2023-27010HigMar 13, 2023
    risk 0.54cvss 7.8epss 0.01

    Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.

  • CVE-2025-0834HigJan 30, 2025
    risk 0.51cvss 7.8epss 0.00

    Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This…

  • CVE-2023-29835HigApr 26, 2023
    risk 0.51cvss 7.8epss 0.00

    Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function.

  • CVE-2023-27767HigApr 4, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.