CVE-2022-50902
Unknown Unknown - Not Provided
Unquoted Service Path in Wondershare FamiSafe Enables Privilege Escalation

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2022-50902
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wondershare famisafe 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-91 The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in Wondershare FamiSafe 1.0's FSService. Because the service path contains spaces and is not enclosed in quotes, a local attacker can place a malicious executable in a path that the system might mistakenly execute instead of the intended service executable. When the service starts, this malicious code runs with LocalSystem privileges, allowing the attacker to execute arbitrary code with elevated rights on the affected system. [1, 2]

Impact Analysis

The vulnerability allows a local attacker to escalate their privileges to LocalSystem level by injecting malicious code that runs with high privileges during the service startup. This can lead to full system compromise, including unauthorized access, modification, or destruction of data, installation of persistent malware, and disruption of system availability. [1, 2]

Detection Guidance

You can detect this vulnerability by checking for unquoted service paths in Windows services, specifically looking for the FSService. A suggested command to identify such services is: wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\" | findstr /i "FSService" | findstr /i /v '"'. This command lists services that start automatically, are not located in the Windows directory, and include FSService, helping to identify the unquoted service path vulnerability. [2]

Mitigation Strategies

Immediate mitigation steps include correcting the unquoted service path by enclosing the service executable path in quotes to prevent path hijacking. For example, changing the service path from C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe to "C:\Program Files (x86)\Wondershare\FamiSafe\FSService.exe" ensures the system correctly interprets the path and prevents execution of malicious code. Additionally, restrict write permissions on directories in the service path to prevent attackers from placing malicious executables. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50902. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart