Home

Description

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-15 | Updated 2026-01-16 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Unquoted Search Path or Element

Product status

11.5
affected

Credits

Salman Asad (@deathflash1411) a.k.a LeoBreaker finder

References

www.exploit-db.com/exploits/50273 exploit

www.exploit-db.com/exploits/50273 (ExploitDB-50273) exploit

www.techspot.com/downloads/175-active-webcam.html (Software Download Page) product

www.pysoft.com/ (Vendor Homepage) product

www.vulncheck.com/...ies/active-webcam-unquoted-service-path (VulnCheck Advisory: Active WebCam 11.5 - Unquoted Service Path) third-party-advisory

cve.org (CVE-2021-47790)

nvd.nist.gov (CVE-2021-47790)

Download JSON