CVE-2023-31748

HIGH

MobileTrans <4.0.11 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31748. PoCs published by Thurein Soe.

AI-analyzed exploit summary The writeup describes a weak service permission vulnerability in MobileTrans 4.0.11, where the 'ElevationService' runs with SYSTEM privileges and has insecure file permissions, allowing local users to escalate privileges by modifying or replacing the executable.

Description

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.

Exploits (1)

exploitdb WRITEUP

by Thurein Soe · textlocalwindows

https://www.exploit-db.com/exploits/51479

View Code ZIP pw:eip

The writeup describes a weak service permission vulnerability in MobileTrans 4.0.11, where the 'ElevationService' runs with SYSTEM privileges and has insecure file permissions, allowing local users to escalate privileges by modifying or replacing the executable.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: MobileTrans version 4.0.11

Auth required

Prerequisites: Local access to the system · MobileTrans 4.0.11 installed

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product

http://mobiletrans.com

Exploit, Third Party Advisory, VDB Entry

https://packetstormsecurity.com/files/172466/MobileTrans-4.0.11-Weak-Service-Permissions.html

Scores

CVSS v3 7.8

EPSS 0.0088

EPSS Percentile 54.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

wondershare/mobiletrans 4.0.11

Published May 24, 2023

Tracked Since Feb 18, 2026