TFTP Broadband 4.3.0.1465 Unquoted Service Path Privilege Escalation
Description
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 4.3.0.1465
Patches
Vulnerability mechanics
Root cause
"Unquoted service binary path in TFTP Broadband 4 allows Windows to interpret spaces as argument separators, enabling privilege escalation via a planted executable."
Attack vector
The service binary path `C:\Program Files\TFTP Broadband 4\tftpt.exe` is not enclosed in quotes. Because Windows interprets each space in the unquoted path as a separator, an attacker who can write to `C:\Program Files\TFTP Broadband 4\` or a parent directory can plant a malicious executable (e.g., `TFTP.exe`). When the service starts (automatically at boot or manually), Windows will execute the attacker's binary instead of the legitimate `tftpt.exe`, achieving arbitrary code execution with LocalSystem privileges. [ref_id=1]
Affected code
The vulnerability exists in the `tftpt.exe` service binary installed at `C:\Program Files\TFTP Broadband 4\tftpt.exe`. The service is configured to run with LocalSystem privileges and uses an unquoted service path, allowing local attackers to hijack execution by placing a malicious executable earlier in the path hierarchy. [ref_id=1]
What the fix does
No patch is provided in the bundle. The advisory [ref_id=1] does not include a vendor fix or commit. The recommended remediation for an unquoted service path vulnerability is to enclose the service binary path in quotes (e.g., `"C:\Program Files\TFTP Broadband 4\tftpt.exe"`) in the Windows service configuration, which prevents the space-based parsing ambiguity that enables the hijack.
Preconditions
- configThe attacker must have write access to `C:\Program Files\TFTP Broadband 4\` or an earlier directory in the unquoted path (e.g., `C:\Program Files\TFTP.exe`).
- authThe attacker must be a local user on the Windows system.
Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3- www.exploit-db.com/exploits/49852mitreexploit
- www.vulncheck.com/advisories/tftp-broadband-unquoted-service-path-privilege-escalationmitrethird-party-advisory
- www.weird-solutions.commitreproduct
News mentions
0No linked articles in our index yet.