WinAVR Version 20100110 - Insecure Folder Permissions | Advisories

Advisories

WinAVR Version 20100110 - Insecure Folder Permissions

severity: high
date: January 27, 2026
Affecting: WinAVR 20100110
CVE: CVE-2020-36938
CWE: CWE-732 Incorrect Permission Assignment for Critical Resource
CVSS: 7
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49379
WinAVR Official Project Homepage
Credit: Mohammed Alshehri
Description: WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.