CVE-2023-31067

CRITICAL

TSplus Remote Access <16.0.2.14 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31067. PoCs published by shinnai.

AI-analyzed exploit summary This is a detailed writeup describing insecure file and folder permissions in TSplus Remote Access up to version 16.0.2.14. It lists directories and files with excessive permissions (Everyone:(F)), which could allow an attacker to manipulate content or replace executables for privilege escalation or system compromise.

Description

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.

Exploits (1)

exploitdb WRITEUP

by shinnai · textremotewindows

https://www.exploit-db.com/exploits/51679

View Code ZIP pw:eip

This is a detailed writeup describing insecure file and folder permissions in TSplus Remote Access up to version 16.0.2.14. It lists directories and files with excessive permissions (Everyone:(F)), which could allow an attacker to manipulate content or replace executables for privilege escalation or system compromise.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: TSplus Remote Access up to 16.0.2.14

No auth needed

Prerequisites: Access to the file system where TSplus is installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/174275/TSPlus-16.0.2.14-Insecure-Permissions.html

Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51679

Scores

CVSS v3 9.8

EPSS 0.0204

EPSS Percentile 84.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

tsplus/tsplus_remote_access < 16.0.2.14

Published Sep 11, 2023

Tracked Since Feb 18, 2026