SplashtopCVEs & Vulnerabilities

9 CVEs affecting Splashtop products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

streamer 7splashtop 3mirroring360 receiver 1mirroring360 sender 1software updater 1splashtop for rmm 1
CVE-2024-42053HIGH

The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder.

28 Jul 2024
7.8
CVSS
CVE-2024-42052HIGH

The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder.

28 Jul 2024
7.8
CVSS
CVE-2024-42051HIGH

The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg.

28 Jul 2024
7.8
CVSS
CVE-2024-42050HIGH

The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg.

28 Jul 2024
7.0
CVSS
CVE-2023-3181HIGH

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

25 Jan 2024
7.8
CVSS
CVE-2021-42714HIGH

Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

15 Feb 2022
7.8
CVSS
CVE-2021-42713HIGH

Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.

15 Feb 2022
7.8
CVSS
CVE-2021-42712HIGH

Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

15 Feb 2022
7.8
CVSS
CVE-2020-12431MEDIUM

A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).

21 May 2020
6.6
CVSS
← PrevPage 1 / 1Next →