CVE-2021-44596

CRITICAL

Wondershare Dr.Fone - Unauthenticated Remote Code Execution via InstallAssistService.exe UDP Communication

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44596. PoCs published by Netanel Cohen.

AI-analyzed exploit summary This exploit targets Wondershare Dr.Fone up to version 12.0.7 via a UDP-based RCE vulnerability in the InstallAssistService.exe, which runs with SYSTEM privileges. It sends a PowerShell reverse shell payload to a range of ports to achieve remote code execution.

Description

Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remote code execution. Due to software design flaws an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service(the service is running under SYSTEM privileges) and manipulate it to execute malicious executable without any validation from a remote location and gain SYSTEM privileges

Exploits (1)

exploitdb WORKING POC
by Netanel Cohen · pythonremotewindows
https://www.exploit-db.com/exploits/50913

This exploit targets Wondershare Dr.Fone up to version 12.0.7 via a UDP-based RCE vulnerability in the InstallAssistService.exe, which runs with SYSTEM privileges. It sends a PowerShell reverse shell payload to a range of ports to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Wondershare Dr.Fone up to 12.0.7
No auth needed
Prerequisites: Network access to the target system · UDP ports 1024-65500 accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory x_refsource_misc
http://wondershare.com
Not Applicable x_refsource_misc
http://dr.com

Scores

CVSS v3 9.8
EPSS 0.2175
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
wondershare/dr.fone 2021-12-06
Published Apr 29, 2022
Tracked Since Feb 18, 2026