Cyber Posture

CVE-2022-50900

High · Public PoC

Published: 13 January 2026

Modified: 28 January 2026
KEV Added
Patch
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.9th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-50900 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Wondershare Dr.Fone. Its CVSS base score is 8.4 (High).

Operationally, it ranks at the 4.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Enforces secure configuration settings for system services, directly preventing unquoted service path vulnerabilities that enable privilege escalation.

Prevent: Requires timely identification, reporting, and correction of flaws like unquoted service paths, mitigating the vulnerability before exploitation.

Detect: Vulnerability scanning detects misconfigurations such as unquoted service paths in installed software like Wondershare Dr.Fone.

NVD Description

Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path to insert malicious code that will be executed with LocalSystem permissions during service startup.

Deeper analysis · AI

CVE-2022-50900 is an unquoted service path vulnerability in Wondershare Dr.Fone version 12.0.18. The issue stems from a misconfigured service path, classified under CWE-428, which enables local users to execute arbitrary code with elevated system privileges. Specifically, attackers can insert malicious code that runs with LocalSystem permissions upon service startup.

The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating low attack complexity for local attackers requiring no privileges or user interaction. An attacker with local access can exploit the unquoted path by placing a malicious executable in a directory that the service searches before locating the legitimate binary, achieving full system compromise through privilege escalation.

Advisories and references include a proof-of-concept exploit on Exploit-DB (ID 50813) targeting the Wondershare InstallAssist service, a detailed VulnCheck advisory on the unquoted service path issue, and the vendor's site at wondershare.com. No specific patch or mitigation details are provided in the available information.
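An added example, not part of the advisory or any vendor tooling: the check a configuration scan applies to service `ImagePath` values to find the CWE-428 condition described above and produce the quoted value to set instead. The service names and paths are constructed samples; on Windows the real values are stored under `HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath`.

```python
import re

# Constructed sample ImagePath values; not taken from the advisory or the product.
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\svc.exe" -k run',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\Example App\svc.exe -k run',
    "ExampleNoSpace": r'C:\Windows\System32\svchost.exe -k netsvcs',
    "ExampleDriver": r'\SystemRoot\System32\drivers\example.sys',
}

# Shortest prefix ending in ".exe" that is followed by whitespace or end of string.
EXE_RE = re.compile(r'^(.*?\.exe)(?=\s|$)', re.IGNORECASE)


def split_unquoted(image_path):
    """Return (executable, arguments) for an unquoted value, or None."""
    value = image_path.strip()
    if not value or value.startswith('"'):
        return None  # empty or already quoted
    match = EXE_RE.match(value)
    if not match:
        return None  # kernel drivers and other non-.exe entries
    return match.group(1), value[match.end():]


def is_vulnerable(image_path):
    """True when the executable path is unquoted and contains a space."""
    parts = split_unquoted(image_path)
    return parts is not None and " " in parts[0]


def quoted_form(image_path):
    """Corrected value: executable wrapped in quotes, arguments unchanged."""
    exe, args = split_unquoted(image_path)
    return f'"{exe}"{args}'


def audit(services):
    """Map each flagged service name to the ImagePath it should be set to."""
    return {name: quoted_form(path)
            for name, path in services.items() if is_vulnerable(path)}


if __name__ == "__main__":
    for name, fix in audit(SAMPLE_SERVICES).items():
        print(f"{name}: set ImagePath to {fix}")
```

Values stored with environment variables such as `%ProgramFiles%` need expanding before the check, because the space only appears after expansion.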

Details

CWE(s)

Affected Products

wondershare dr.fone 12.0.18

CVEs Like This One

CVE-2022-50901 (Same product: Wondershare Dr.Fone)
CVE-2022-50903 (Same vendor: Wondershare)
CVE-2019-25344 (Same vendor: Wondershare)
CVE-2019-25276 (Shared CWE-428)
CVE-2020-37098 (Shared CWE-428)
CVE-2021-47809 (Shared CWE-428)
CVE-2024-57276 (Shared CWE-428)
CVE-2020-37100 (Shared CWE-428)
CVE-2021-47790 (Shared CWE-428)
CVE-2020-36976 (Shared CWE-428)

References