CVE-2022-50901
Unknown Unknown - Not Provided
Unquoted Service Path in Wondershare Dr.Fone Enables Local Code Execution

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-19
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-18
NVD
CVE-2022-50901
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wondershare wondershare_dr.fone 11.4.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in Wondershare Dr.Fone version 11.4.9, specifically in the DFWSIDService. Because the service path contains spaces and is not enclosed in quotes, a local attacker can place malicious executables in certain directories along the path. When the service starts, Windows may execute these malicious executables with LocalSystem privileges, allowing arbitrary code execution with high-level system access. [1, 2]

Impact Analysis

If exploited, this vulnerability allows a local attacker to execute arbitrary code with LocalSystem privileges, which is the highest level of access on a Windows system. This can lead to privilege escalation, unauthorized system control, and potentially full compromise of the affected machine. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in the Windows services, specifically for the DFWSIDService related to Wondershare Dr.Fone. Commands such as 'wmic service get name,pathname,startmode | findstr /i "DFWSIDService"' or 'sc qc DFWSIDService' can be used to query the service executable path and verify if the path is unquoted and contains spaces, which indicates the vulnerability. [2]

Mitigation Strategies

Immediate mitigation steps include enclosing the service path in quotes to prevent execution of malicious executables placed along the unquoted path. Alternatively, ensure that no malicious executables exist in the directories along the service path. Restrict local user permissions to prevent placing executables in these directories and consider disabling or stopping the DFWSIDService if it is not required until a patch or fix is applied. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50901. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart