CVE-2020-36977

Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/49101
https://www.vulncheck.com/advisories/wondershare-driver-install-service-help-elevationservice-unquote-service-path
https://www.wondershare.com/
https://www.wondershare.com/drfone/
https://www.exploit-db.com/exploits/49101

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Wondershare Driver Install Service contiene una vulnerabilidad de ruta de servicio sin comillas en el ejecutable ElevationService que permite a atacantes locales inyectar potencialmente código malicioso. Los atacantes pueden explotar la ruta sin comillas para reemplazar el binario del servicio con un ejecutable malicioso, lo que permite la escalada de privilegios a la cuenta LocalSystem.

29 Jan 2026, 17:16

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/49101 -~~	() https://www.exploit-db.com/exploits/49101 -

27 Jan 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-27 19:16

Updated : 2026-04-15 00:35

NVD link : CVE-2020-36977

Mitre link : CVE-2020-36977

CVE.ORG link : CVE-2020-36977

JSON object : View

Products Affected

No product.

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2020-36977", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-27T19:16:10.420", "references": [{"url": "https://www.exploit-db.com/exploits/49101", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/wondershare-driver-install-service-help-elevationservice-unquote-service-path", "source": "disclosure@vulncheck.com"}, {"url": "https://www.wondershare.com/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.wondershare.com/drfone/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/49101", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account."}, {"lang": "es", "value": "Wondershare Driver Install Service contiene una vulnerabilidad de ruta de servicio sin comillas en el ejecutable ElevationService que permite a atacantes locales inyectar potencialmente c\u00f3digo malicioso. Los atacantes pueden explotar la ruta sin comillas para reemplazar el binario del servicio con un ejecutable malicioso, lo que permite la escalada de privilegios a la cuenta LocalSystem."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "disclosure@vulncheck.com"}