CVE-2023-31068

CRITICAL

TSplus Remote Access <16.0.2.14 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31068. PoCs published by shinnai.

AI-analyzed exploit summary This is a writeup detailing insecure file and folder permissions in TSplus Remote Work 16.0.0.0, which could allow an attacker to manipulate files or replace executables to gain elevated privileges or compromise the system.

Description

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.

Exploits (1)

exploitdb WRITEUP

by shinnai · textremotewindows

https://www.exploit-db.com/exploits/51680

View Code ZIP pw:eip

This is a writeup detailing insecure file and folder permissions in TSplus Remote Work 16.0.0.0, which could allow an attacker to manipulate files or replace executables to gain elevated privileges or compromise the system.

Classification

Writeup 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: TSplus Remote Work up to 16.0.0.0

No auth needed

Prerequisites: Access to the file system where TSplus Remote Work is installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1574 - Hijack Execution Flow

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/174272/TSPlus-16.0.0.0-Insecure-Permissions.html

Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51680

Scores

CVSS v3 9.8

EPSS 0.0187

EPSS Percentile 83.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-276

Status published

Products (2)

tsplus/tsplus_remote_access < 16.0.0.0

tsplus/tsplus_remote_work < 16.0.0.0

Published Sep 11, 2023

Tracked Since Feb 18, 2026