CVE-2021-47767

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.10-strike.com/	Product
https://www.exploit-db.com/exploits/50494	Exploit
https://www.exploit-db.com/exploits/50494	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:10-strike:network_inventory_explorer:9.31:*:*:*:pro:*:*:*

History

30 Jan 2026, 20:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:10-strike:network_inventory_explorer:9.31::::pro:::
References	~~() https://www.10-strike.com/ -~~	() https://www.10-strike.com/ - Product
References	~~() https://www.exploit-db.com/exploits/50494 -~~	() https://www.exploit-db.com/exploits/50494 - Exploit
First Time		10-strike network Inventory Explorer 10-strike

15 Jan 2026, 19:16

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/50494 -~~	() https://www.exploit-db.com/exploits/50494 -

15 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-15 16:16

Updated : 2026-01-30 20:00

NVD link : CVE-2021-47767

Mitre link : CVE-2021-47767

CVE.ORG link : CVE-2021-47767

JSON object : View

Products Affected

10-strike

network_inventory_explorer

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2021-47767", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-15T16:16:08.170", "references": [{"url": "https://www.10-strike.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50494", "tags": ["Exploit"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/50494", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions."}], "lastModified": "2026-01-30T20:00:34.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:10-strike:network_inventory_explorer:9.31:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F7CED6E9-86A3-4483-B0F1-95358C610A0E"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}