CVE-2021-47767 | THREATINT

Description

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-15 | Updated 2026-01-15 | Assigner VulnCheck

HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

9.31

affected

Credits

Brian Rodriguez finder

References

www.exploit-db.com/exploits/50494 exploit

www.exploit-db.com/exploits/50494 (ExploitDB-50494) exploit

www.10-strike.com/ (Vendor Homepage) product

cve.org (CVE-2021-47767)

nvd.nist.gov (CVE-2021-47767)

Download JSON