CVE-2022-50901
Unquoted Service Path in Wondershare Dr.Fone Enables Local Code Execution
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wondershare | wondershare_dr.fone | 11.4.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in Wondershare Dr.Fone version 11.4.9, specifically in the DFWSIDService. Because the service path contains spaces and is not enclosed in quotes, a local attacker can place malicious executables in certain directories along the path. When the service starts, Windows may execute these malicious executables with LocalSystem privileges, allowing arbitrary code execution with high-level system access. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with LocalSystem privileges, which is the highest level of access on a Windows system. This can lead to privilege escalation, unauthorized system control, and potentially full compromise of the affected machine. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service paths in the Windows services, specifically for the DFWSIDService related to Wondershare Dr.Fone. Commands such as 'wmic service get name,pathname,startmode | findstr /i "DFWSIDService"' or 'sc qc DFWSIDService' can be used to query the service executable path and verify if the path is unquoted and contains spaces, which indicates the vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enclosing the service path in quotes to prevent execution of malicious executables placed along the unquoted path. Alternatively, ensure that no malicious executables exist in the directories along the service path. Restrict local user permissions to prevent placing executables in these directories and consider disabling or stopping the DFWSIDService if it is not required until a patch or fix is applied. [1, 2]