CVE Catalog

CVE-2020-37250

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

TFTP Broadband version 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.

Risk Assessment

This vulnerability poses a serious risk to system security, allowing local attackers to gain full control over the system. Exploitation of this flaw could lead to unauthorized access to data and potential damage to IT infrastructure.

Recommendation

It is recommended to update TFTP Broadband to the latest version to eliminate this vulnerability. Additionally, access to the Program Files directory should be monitored and restricted, and security policies regarding service execution should be enforced.

Original NVD description (English source)

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS