Join us January 28th for the first In the Wild with VulnCheck webinar
Register now
Products
Government
Resources
Community
Company
Partners
Sign In / Join
Sign In
Advisories
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path
Go Back
severity
high
date
January 25, 2026
Affecting
IPTInstaller 4.0.9
CVE
CVE-2020-36933
CWE
CWE-428 Unquoted Search Path or Element
CVSS
8.5
CVSS V4 Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
ExploitDB-49006
HTC Official Latin America Homepage
Credit
SamAlucard
Description
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.