CVE-2021-21910
Description
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Privilege escalation in Advantech R-SeeNet 2.4.15 on Windows allows authenticated users to replace the mysql service binary for NT SYSTEM access.
Vulnerability
A privilege escalation vulnerability exists in the Windows installation of Advantech R-SeeNet version 2.4.15. The mysqld.exe binary in C:\R-SeeNet\mysql\bin has incorrect default permissions, granting the "Authenticated Users" group "Change" permission. This service runs with NT SYSTEM authority [1].
Exploitation
An attacker needs only local access as an authenticated user. The attacker can replace the mysqld.exe file with a malicious executable and then restart the mysql service or wait for a system reboot. No additional privileges or user interaction beyond normal authentication is required.
Impact
Successful exploitation grants the attacker NT SYSTEM privileges, allowing complete control over the system, including reading, modifying, or deleting any data, installing programs, and creating new accounts.
Mitigation
No fix is disclosed in the available reference [1]. As a workaround, restrict write access to the C:\R-SeeNet directory for non-administrative users.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- talosintelligence.com/vulnerability_reports/TALOS-2021-1360mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.