Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-428 (未经引用的搜索路径或元素) — Vulnerability Class 296

296 vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素). AI Chinese analysis included.

CWE-428 represents a critical input validation weakness where software constructs search paths containing unquoted elements with whitespace or separators. This flaw typically enables privilege escalation attacks, as attackers can exploit the ambiguous parsing by placing malicious executables in parent directories, such as creating a file named "Program.exe" within a system folder. When a privileged process executes a command like WinExec without proper quoting, it may inadvertently run the attacker-controlled file instead of the intended target. Developers prevent this vulnerability by strictly enforcing quoted strings around all path elements in command-line arguments. Additionally, implementing strict input validation and avoiding dynamic path construction from untrusted sources ensures that the operating system correctly interprets the intended file location, thereby neutralizing the risk of unintended resource access or code execution.

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityExecute Unauthorized Code or Commands
Mitigations (3)
ImplementationProperly quote the full search path before executing a program on the system.
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
ImplementationInputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path — Wondershare Application Framework Service 7.8 High2026-02-06
CVE-2019-25286 _GCafé 3.0 - 'gbClienService' Unquoted Service Path — _GCafé 7.8 High2026-02-04
CVE-2019-25283 Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path — Shrew Soft VPN Client 7.8 High2026-02-04
CVE-2019-25288 Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path — Wacom WTabletService 7.8 High2026-02-04
CVE-2019-25287 Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path — Adaware Web Companion version 7.8 High2026-02-04
CVE-2019-25285 Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path — device Controller 7.8 High2026-02-04
CVE-2019-25281 NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths — NCP_Secure_Entry_Client 7.8 High2026-02-04
CVE-2019-25275 BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path — BartVPN 7.8 High2026-02-04
CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path — Studio 7.8 High2026-02-04
CVE-2019-25273 Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path — IP 7.8 High2026-02-04
CVE-2019-25274 ProShow Producer 9.0.3797 - Unquoted Service Path — ProShow Producer 7.8 High2026-02-04
CVE-2019-25272 TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path — TexasSoft CyberPlanet 7.8 High2026-02-04
CVE-2019-25271 NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path — Data Backup 7.8 High2026-02-04
CVE-2019-25269 Amiti Antivirus 25.0.640 - Unquoted Service Path Vulnerability — Amiti Antivirus 7.8 High2026-02-04
CVE-2019-25267 Wing FTP Server 6.0.7 - Unquoted Service Path — Wing FTP Server 7.8 High2026-02-04
CVE-2020-37102 Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path — Web Companion 7.8 High2026-02-03
CVE-2020-37100 Sync Breeze Enterprise 12.4.18 - Unquoted Service Path — Sync Breeze Enterprise 7.8 High2026-02-03
CVE-2020-37101 VPN unlimited 6.1 - Unquoted Service Path — VPN unlimited 7.8 High2026-02-03
CVE-2020-37098 Disk Sorter Enterprise 12.4.16 - Unquoted Service Path — Disk Sorter Enterprise 7.8 High2026-02-03
CVE-2020-37099 Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path — Disk Savvy Enterprise 7.8 High2026-02-03
CVE-2019-25261 AnyDesk 5.4.0 - Unquoted Service Path — AnyDesk 7.8 High2026-02-03
CVE-2020-37063 TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path — TFTP Turbo 7.8 High2026-02-01
CVE-2020-37064 EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path — EPSON EasyMP Network Projection 7.8 High2026-02-01
CVE-2020-37062 DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path — DHCP Turbo 7.8 High2026-02-01
CVE-2020-37061 BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path — BOOTP Turbo 7.8 High2026-02-01
CVE-2020-37048 Iskysoft Application Framework Service 2.4.3.241 - 'IsAppService' Unquoted Service Path — Iskysoft Application Framework Service 7.8 High2026-02-01
CVE-2020-37055 SpyHunter 4 - 'SpyHunter 4 Service' Unquoted Service Path — SpyHunter 7.8 High2026-02-01
CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path — Deep Instinct Windows Agent 7.8 High2026-02-01
CVE-2020-37045 NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path — NetBackup 7.8 High2026-02-01
CVE-2020-37037 AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path — AVAST SecureLine 7.8 High2026-02-01

Vulnerabilities classified as CWE-428 (未经引用的搜索路径或元素) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.