关键信息 漏洞名称 Epson USB Display 1.6.0.0 Unquoted Service Path Vulnerability 严重程度 SEREITY: HIGH 发布日期 DATE: January 22, 2026 受影响的软件 Affected Software: Epson USB Display 1.6.0.0 CVE标识符 CVE: CVE-2021-47898 CWE分类 CWE-428 Unquoted Search Path or Element CVSS评分 CVSS V4 VECTOR: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 参考资料 REFERENCES: - ExploitDB-49548 - Epson Official Homepage 发现者 CREDIT: Hector Gerbacio 描述 DESCRIPTION: - Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.