CVE-2020-12828

CRITICAL

AnchorFree VPN SDK <1.3.3.218 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-12828. PoCs published by 0xsha.

AI-analyzed exploit summary This PoC exploits CVE-2020-12828, a vulnerability in the AnchorFree VPN SDK, allowing SYSTEM-level code execution by sending a malformed JSON payload to the vpnservice.exe port (52217). The exploit triggers arbitrary command execution via the 'vpnExecutablePath' parameter.

Description

An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges.

Exploits (1)

nomisec WORKING POC 28 stars

by 0xsha · poc

https://github.com/0xsha/ZombieVPN

View Code ZIP pw:eip

This PoC exploits CVE-2020-12828, a vulnerability in the AnchorFree VPN SDK, allowing SYSTEM-level code execution by sending a malformed JSON payload to the vpnservice.exe port (52217). The exploit triggers arbitrary command execution via the 'vpnExecutablePath' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AnchorFree VPN SDK (Bitdefender Total Security 2020 1.2.13.81)

No auth needed

Prerequisites: Network access to the target system · vpnservice.exe running on port 52217

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.pango.co/sec31944/

Scores

CVSS v3 9.8

EPSS 0.0328

EPSS Percentile 86.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

pango/virtual_private_network_software_development_kit < 1.3.3.218

Published May 21, 2020

Tracked Since Feb 18, 2026