LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path | Advisories

Advisories

LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path

severity: high
date: January 22, 2026
Affecting: LogonExpert 8.1
CVE: CVE-2021-47890
CWE: CWE-428 Unquoted Search Path or Element
CVSS: 8.5
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49586
Vendor Homepage
Software Download Link
Credit: Victor Mondragón
Description: LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.