Cyber Resilience

CVE-2022-50900

High · Public PoC

Published: 13 January 2026

Modified: 28 January 2026
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0020 (10.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50900 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Wondershare Dr.Fone. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE ranks at the 10.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-50900 is an unquoted service path vulnerability in Wondershare Dr.Fone version 12.0.18. The issue stems from a misconfigured service path, classified under CWE-428, which enables local users to execute arbitrary code with elevated system privileges. Specifically, attackers can insert malicious code that runs with LocalSystem permissions upon service startup.

The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating low attack complexity for local attackers requiring no privileges or user interaction. An attacker with local access can exploit the unquoted path by placing a malicious executable in a directory that the service searches before locating the legitimate binary, achieving full system compromise through privilege escalation.

Advisories and references include a proof-of-concept exploit on Exploit-DB (ID 50813) targeting the Wondershare InstallAssist service, a detailed VulnCheck advisory on the unquoted service path issue, and the vendor's site at wondershare.com. No specific patch or mitigation details are provided in the available information.

Vulnerability details

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1574.009 Path Interception by Unquoted Path (Stealth)
Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

An unquoted service path (CWE-428) directly enables path interception by unquoted path (T1574.009) for local privilege escalation (T1068): a malicious executable is placed where it is found before the legitimate binary.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2022-50901 (Same product: Wondershare Dr.Fone)
CVE-2022-50903 (Same vendor: Wondershare)
CVE-2022-50914 (Shared CWE-428)
CVE-2020-36982 (Shared CWE-428)
CVE-2020-36987 (Shared CWE-428)
CVE-2021-47825 (Shared CWE-428)
CVE-2020-37059 (Shared CWE-428)
CVE-2020-36953 (Shared CWE-428)
CVE-2022-50935 (Shared CWE-428)
CVE-2021-47864 (Shared CWE-428)

Affected Assets

wondershare
dr.fone
12.0.18

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Enforces secure configuration settings for system services, directly preventing unquoted service path vulnerabilities that enable privilege escalation.

Prevent: Requires timely identification, reporting, and correction of flaws like unquoted service paths, mitigating the vulnerability before exploitation.

Detect: Vulnerability scanning detects misconfigurations such as unquoted service paths in installed software like Wondershare Dr.Fone.
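
A minimal version of the check these controls call for, added here as an illustration (it is not code from the advisory, the vendor or any scanner): it flags service ImagePath values whose executable path contains a space and is not quoted, lists the locations to review, and gives the quoted form to configure. The service names and paths are constructed samples, and treating the first `.exe` followed by a space as the end of the executable is an assumption of this sketch.

```python
import re
from ntpath import dirname  # Windows path rules, so this runs on any OS

# Assumption: the executable ends at the first ".exe" followed by a space or end of string.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def audit_image_path(image_path):
    """Return None when the ImagePath is safe, else a finding dict (CWE-428)."""
    raw = image_path.strip()
    if raw.startswith('"'):
        return None                      # already quoted
    match = _EXE_END.search(raw)
    if not match:
        return None                      # no .exe (e.g. a driver); out of scope here
    exe, args = raw[:match.end()], raw[match.end():]
    if " " not in exe:
        return None                      # unquoted but unambiguous
    # Windows tries each space-delimited prefix as a program name first.
    # No file should exist at these locations on a healthy host.
    probes = [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]
    return {
        "executable": exe,
        "unexpected_if_present": probes,
        # Directories that must not be writable by unprivileged users.
        "review_acl_on": sorted({dirname(p) for p in probes}),
        # Value to configure as the service's ImagePath.
        "quoted_form": f'"{exe}"{args}',
    }

def audit_services(services):
    """Map service name -> finding for every flagged entry."""
    findings = {}
    for name, image_path in services.items():
        finding = audit_image_path(image_path)
        if finding:
            findings[name] = finding
    return findings

# Constructed sample data (hypothetical services, not taken from the advisory).
SAMPLE_SERVICES = {
    "ExampleSyncSvc": r"C:\Program Files\Example Vendor\Sync Tool\svc.exe -k run",
    "ExampleQuotedSvc": r'"C:\Program Files\Example Vendor\Sync Tool\svc.exe" -k run',
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_SERVICES).items():
        print(name, "->", finding["quoted_form"])
        for directory in finding["review_acl_on"]:
            print("  review write permissions on:", directory)
```

On a live host the input values are the `ImagePath` entries under `HKLM\SYSTEM\CurrentControlSet\Services\<name>`.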
