Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

splashtop

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2023-3181
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.34%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 15:22
Updated-14 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Permissions in Splashtop Software Updater

The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.

Action-Not Available
Vendor-splashtopSplashtopMicrosoft Corporation
Product-splashtopwindowssplashtop_for_rmmmirroring360_senderstreamermirroring360_receiverSplashtop Software Updater
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2021-42713
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 18:38
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory with Insecure Permissions.

Action-Not Available
Vendor-splashtopn/aMicrosoft Corporation
Product-windowssplashtopn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-42714
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.81%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 18:21
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions.

Action-Not Available
Vendor-splashtopn/aMicrosoft Corporation
Product-windowssplashtopn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere