CVE-2020-37250
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
TFTP Broadband version 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.
Risk Assessment
This vulnerability poses a serious risk to system security, allowing local attackers to gain full control over the system. Exploitation of this flaw could lead to unauthorized access to data and potential damage to IT infrastructure.
Recommendation
It is recommended to update TFTP Broadband to the latest version to eliminate this vulnerability. Additionally, access to the Program Files directory should be monitored and restricted, and security policies regarding service execution should be enforced.
Original NVD description (English source)
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.

