CVE-2020-36979 | THREATINT

Description

Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-27 | Updated 2026-01-29 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

8.0.0.255

affected

Credits

Isabel Lopez finder

References

www.exploit-db.com/exploits/49053 exploit

www.exploit-db.com/exploits/49053 (ExploitDB-49053) exploit

www.file.net/process/ath_coexagent.exe.html (Vendor Homepage) product

www.boostbyreason.com/...ce-file-9102-ath_coexagent-exe.aspx (Software Download Link) product

www.vulncheck.com/...btwlan-coex-agent-unquoted-service-path (VulnCheck Advisory: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path) third-party-advisory

cve.org (CVE-2020-36979)

nvd.nist.gov (CVE-2020-36979)

Download JSON