CWE-428 (Unquoted Search Path or Element): 296 vulnerabilities

296 vulnerabilities are classified as CWE-428 (Unquoted Search Path or Element). AI-generated Chinese analysis included.

CWE-428 is a weakness in how a program constructs the path or command line it hands to the operating system, not a weakness in validating external input: the program writes a path such as C:\Program Files\Foo\Bar without quoting it, and the loader must guess where the executable name ends and the arguments begin. Windows resolves that ambiguity by probing each whitespace-delimited prefix in turn (C:\Program.exe, then C:\Program Files\Foo.exe, and so on) before it reaches the intended file. If an attacker can create a file at one of those earlier locations and the calling process runs with higher privileges (typically a Windows service started as LocalSystem, whose ImagePath is passed to CreateProcess in exactly this way), the attacker's binary runs in the privileged context; this is why nearly every CVE listed below is an "unquoted service path" local privilege escalation. Two preconditions must both hold: one of the probed directories must be writable by the attacker, and the program must actually be launched by a more privileged principal. The fix is to quote the full path to the executable (with arguments quoted separately), or, when calling CreateProcess directly, to pass the executable in lpApplicationName rather than relying on the parsing of lpCommandLine. Validating untrusted input that ends up in a path helps as defence in depth, but most real-world instances involve a hard-coded installation path and are fixed entirely by the quoting.
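As an added example (not from this page or from MITRE), the following Python models the probing order described above: it flags service ImagePath values that are exploitable, lists the locations the loader would try before the real binary, and emits an sc.exe command that rewrites the path quoted. The service names and paths in SAMPLE_IMAGE_PATHS are constructed for the example; on Windows the script reads real ImagePath values from the registry instead. Its notion of where the module name ends (the first .exe) is a heuristic, as noted in the code.

```python
"""Flag Windows service ImagePath values that exhibit CWE-428 (unquoted search path) and
enumerate the locations the loader would probe before the intended executable."""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample data standing in for HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
# Service names, vendors and paths are invented for this example.
SAMPLE_IMAGE_PATHS: Dict[str, str] = {
    "FooUpdater": r"C:\Program Files\Foo Corp\Updater\UpdaterSvc.exe",
    "BarAgent": r"C:\Program Files (x86)\Bar Tools\Agent Service\agent.exe -mode service",
    "QuotedSvc": r'"C:\Program Files\Baz\Baz Service\bazsvc.exe" -run',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}


@dataclass
class Finding:
    service: str
    image_path: str
    quoted: bool
    executable: str
    hijack_candidates: List[str] = field(default_factory=list)

    @property
    def vulnerable(self) -> bool:
        # Unquoted is only exploitable when some prefix before the real module is probed first.
        return not self.quoted and bool(self.hijack_candidates)


def _split_command(command: str):
    """Split an unquoted command line into (executable, args).

    Heuristic: the module ends at the first '.exe' token. Paths without '.exe' are treated as
    a bare module with no arguments; verify those by hand against the filesystem."""
    m = re.search(r"\.exe\b", command, re.IGNORECASE)
    if not m:
        return command, ""
    return command[: m.end()], command[m.end():]


def analyze_image_path(service: str, image_path: str) -> Finding:
    """Model how CreateProcess interprets an ImagePath when lpApplicationName is NULL."""
    command = image_path.strip()
    if command.startswith('"'):
        # A leading quote makes the quoted span the module name; nothing is probed.
        end = command.find('"', 1)
        executable = command[1:end] if end != -1 else command[1:]
        return Finding(service, image_path, True, executable)

    executable, _args = _split_command(command)
    candidates: List[str] = []
    # For every whitespace inside the module path, the loader first tries the prefix
    # before that whitespace, appending .exe when the prefix has no extension.
    for ws in re.finditer(r"\s", executable):
        prefix = executable[: ws.start()]
        if not prefix:
            continue
        has_extension = re.search(r"\.[^\\\s]+$", prefix) is not None
        candidates.append(prefix if has_extension else prefix + ".exe")
    return Finding(service, image_path, False, executable, candidates)


def remediation(finding: Finding) -> Optional[str]:
    """sc.exe command that rewrites the ImagePath with the executable quoted (run as administrator)."""
    if not finding.vulnerable:
        return None
    executable, args = _split_command(finding.image_path.strip())
    fixed = f'"{executable}"{args}'
    escaped = fixed.replace('"', '\\"')  # cmd.exe needs the inner quotes escaped
    return f'sc.exe config "{finding.service}" binPath= "{escaped}"'


def scan(image_paths: Dict[str, str]) -> List[Finding]:
    return [analyze_image_path(name, path) for name, path in image_paths.items()]


def load_service_image_paths() -> Dict[str, str]:
    """On Windows, read ImagePath for every service from the registry (read-only);
    elsewhere fall back to the constructed samples so the script still runs."""
    if sys.platform != "win32":
        return dict(SAMPLE_IMAGE_PATHS)
    import winreg  # Windows-only standard-library module

    result: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as services:
        for i in range(winreg.QueryInfoKey(services)[0]):
            name = winreg.EnumKey(services, i)
            try:
                with winreg.OpenKey(services, name) as svc:
                    value, _kind = winreg.QueryValueEx(svc, "ImagePath")
            except OSError:
                continue  # no ImagePath value (driver groups, etc.) or access denied
            if isinstance(value, str):
                result[name] = value
    return result


if __name__ == "__main__":
    for f in scan(load_service_image_paths()):
        if not f.vulnerable:
            continue
        print(f"[CWE-428] {f.service}: {f.image_path}")
        for c in f.hijack_candidates:
            print(f"    probed first: {c}")
        print(f"    fix: {remediation(f)}")
```

A flagged candidate is only exploitable if its directory is writable by an unprivileged account, so follow up each one with an ACL check (for example icacls on the parent directory) before rating it; the script deliberately does not test writability itself, so that it can run offline against exported registry data.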

MITRE CWE Description
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.
Common Consequences (1)
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands
Mitigations (3)
Implementation: Properly quote the full search path before executing a program on the system.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Examples (1)
The following example demonstrates the weakness.
UINT errCode = WinExec( "C:\\Program Files\\Foo\\Bar", SW_SHOW );
Bad · C
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2021-47833 | WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path | WifiHotSpot | 7.8 | High | 2026-01-16
CVE-2021-47829 | DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path | DHCP Broadband | 7.8 | High | 2026-01-16
CVE-2021-47828 | BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path | BOOTP Turbo | 7.8 | High | 2026-01-16
CVE-2021-47825 | Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path | Acer Updater Service | 7.8 | High | 2026-01-16
CVE-2021-47826 | Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path | Acer Backup Manager Module | 7.8 | High | 2026-01-16
CVE-2021-47823 | ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path | ePowerSvc | 7.8 | High | 2026-01-16
CVE-2021-47822 | DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path | DiskBoss Service | 7.8 | High | 2026-01-16
CVE-2021-47810 | WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path | WibuKey Runtime | 7.8 | High | 2026-01-15
CVE-2021-47809 | Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path | Disk Sorter Enterprise | 7.8 | High | 2026-01-15
CVE-2021-47807 | Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path | Sync Breeze | 7.8 | High | 2026-01-15
CVE-2021-47806 | Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path | Dup Scout | 7.8 | High | 2026-01-15
CVE-2021-47805 | Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path | Disk Savvy | 7.8 | High | 2026-01-15
CVE-2021-47804 | Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path | Wise Care | 7.8 | High | 2026-01-15
CVE-2021-47803 | iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path | iFunbox | 7.8 | High | 2026-01-15
CVE-2021-47792 | Remote Mouse 4.002 - Unquoted Service Path | Remote Mouse | 7.8 | High | 2026-01-15
CVE-2021-47790 | Active WebCam 11.5 - Unquoted Service Path | Active WebCam | 7.8 | High | 2026-01-15
CVE-2021-47787 | TotalAV 5.15.69 - Unquoted Service Path | TotalAV | 7.8 | High | 2026-01-15
CVE-2021-47780 | Macro Expert 4.7 - Unquoted Service Path | Macro Expert | 7.8 | High | 2026-01-15
CVE-2020-36929 | Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path | Brother BRPrint Auditor | 7.8 | High | 2026-01-15
CVE-2020-36930 | SysGauge 7.9.18 - 'SysGauge Server' Unquoted Service Path | SysGauge | 7.8 | High | 2026-01-15
CVE-2020-36927 | DiskPulse 13.6.14 - Unquoted Service Path | DiskPulse | 7.8 | High | 2026-01-15
CVE-2020-36928 | Brother BRAgent 1.38 - 'WBA_Agent_Client' Unquoted Service Path | Brother BRAgent | 7.8 | High | 2026-01-15
CVE-2021-47773 | Dynojet Power Core 2.3.0 - Unquoted Service Path | Dynojet Power Core | 7.8 | High | 2026-01-15
CVE-2021-47767 | 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path | Strike Network Inventory Explorer Pro | 7.8 | High | 2026-01-15
CVE-2021-47762 | HTTPDebuggerPro 9.11 - Unquoted Service Path | HTTPDebuggerPro | 7.8 | High | 2026-01-15
CVE-2023-54338 | Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path | Tftpd32_SE | 8.4 | High | 2026-01-13
CVE-2023-54336 | Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path | Mediconta | 8.4 | High | 2026-01-13
CVE-2023-54331 | Outline 1.6.0 - Unquoted Service Path | Outline | 7.8 | High | 2026-01-13
CVE-2023-53984 | HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path | HotKey Clipboard | 8.4 | High | 2026-01-13
CVE-2022-50938 | CONTPAQi® AdminPAQ 14.0.0 - Unquoted Service Path | CONTPAQ AdminPAQ | 8.4 | High | 2026-01-13

Vulnerabilities classified as CWE-428 (Unquoted Search Path or Element) total 296 CVEs, 30 of which are listed above. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.