VYPR
Unrated severity · NVD Advisory · Published Jun 19, 2026

NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege

CVE-2016-20092

Description

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

Root cause

"The service binary path is not enclosed in quotes, allowing Windows to interpret spaces as argument separators and enabling arbitrary code execution via a planted executable in a preceding path component."

Attack vector

A local, non-privileged user can place a malicious executable in a directory that Windows will search before the intended binary due to the unquoted service path [CWE-428]. For example, placing `C:\Program.exe` or `C:\Program Files\NetDrive2\nd2svc.exe` (as a different file) causes the service to launch the attacker's code instead of the legitimate binary. The malicious code executes with SYSTEM privileges when the service starts or the system reboots [ref_id=1].

Affected code

The vulnerability is in the NetDrive 2.6.12 service binary path `C:\Program Files\NetDrive2\nd2svc.exe`, which is not enclosed in quotes. The service runs with SYSTEM privileges and is configured for automatic startup.

What the fix does

The advisory does not include a patch. To remediate, the vendor must quote the service binary path in the registry or service configuration, e.g., `"C:\Program Files\NetDrive2\nd2svc.exe"`. Without quoting, Windows interprets each space as a separator and searches for executables in the directories formed by the partial path, allowing an attacker to hijack execution [ref_id=1].
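The audit below is an added example, not code from the advisory or the vendor. It lists the files Windows would try before the real binary for an unquoted service path, and the quoted value that removes them. The function names, the `.exe`-based split of executable from arguments, and the two extra inventory entries are assumptions made for illustration.

```python
import ntpath
import re

EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Split a service ImagePath into (executable, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        end = len(s) if end == -1 else end
        return s[1:end], s[end + 1:].strip(), True
    m = EXE_END.search(s)  # assumption: the executable ends at the first ".exe"
    cut = m.end() if m else len(s)
    return s[:cut], s[cut:].strip(), False

def earlier_candidates(image_path):
    """Files Windows tries before the real binary when the path is unquoted.

    At each space the text so far is treated as a possible program name,
    with .exe appended when it has no extension.
    """
    exe, _args, quoted = split_image_path(image_path)
    if quoted:
        return []
    found = []
    for i, ch in enumerate(exe):
        if ch == " " and exe[i - 1] != " ":
            prefix = exe[:i]
            found.append(prefix if ntpath.splitext(prefix)[1] else prefix + ".exe")
    return found

def audit(services):
    """Return {service: (candidates, quoted replacement)} for risky entries."""
    report = {}
    for name, image_path in services.items():
        candidates = earlier_candidates(image_path)
        if candidates:
            exe, args, _ = split_image_path(image_path)
            report[name] = (candidates, f'"{exe}" {args}'.strip())
    return report

# Constructed inventory: the first entry uses the service name and path from
# this advisory; the other two are made-up entries for contrast.
SAMPLE = {
    "Netdrive2_Service_Netdrive2": r"C:\Program Files\NetDrive2\nd2svc.exe",
    "ExampleQuotedSvc": r'"C:\Program Files\Example\svc.exe" --run',
    "ExampleNoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}
```

Each candidate path returned is a location whose write permissions and contents are worth checking on an affected host until the service path is quoted.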

Preconditions

  • input: The attacker must have the ability to write files to a directory that is part of the unquoted path (e.g., `C:\` or `C:\Program Files\NetDrive2\`).
  • auth: The attacker must be a local user on the affected Windows system.
  • config: The service must be restarted or the system rebooted to trigger execution of the planted executable.

Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
