CVE-2022-50902
Unquoted Service Path in Wondershare FamiSafe Enables Privilege Escalation
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wondershare | famisafe | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-91 | The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in Wondershare FamiSafe 1.0's FSService. Because the service path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a path that the system might mistakenly execute instead of the intended service executable. When the service starts, this malicious code runs with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated rights on the affected system. [1, 2]
How can this vulnerability impact me? :
The vulnerability allows a local attacker to escalate their privileges to LocalSystem level by injecting malicious code that runs with high privileges during the service startup. This can lead to full system compromise, including unauthorized access, modification, or destruction of data, installation of persistent malware, and disruption of system availability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking for unquoted service paths in Windows services, specifically looking for the FSService. A suggested command to identify such services is: wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\" | findstr /i "FSService" | findstr /i /v '"'. This command lists services that start automatically, are not located in the Windows directory, and include FSService, helping to identify the unquoted service path vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the service executable path in quotes to prevent path hijacking. For example, changing the service path from C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe to "C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe" ensures the system correctly interprets the path and prevents execution of malicious code. Additionally, restrict write permissions on directories in the service path to prevent attackers from placing malicious executables. [1, 2]