CVE-2020-36603

MEDIUM

Genshin Impact <1.0.0.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36603. PoCs published by gmh5225.

AI-analyzed exploit summary This repository provides a detailed analysis of CVE-2020-36603, a vulnerability in the HoYoVerse Genshin Impact mhyprot2.sys anti-cheat driver that allows local privilege escalation (LPE) due to inadequate restrictions on unprivileged function calls. It includes references to technical writeups, exploit repositories, and real-world abuse cases but does not contain functional exploit code.

Description

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.

Exploits (1)

nomisec WRITEUP 2 stars

by gmh5225 · poc

https://github.com/gmh5225/CVE-2020-36603

View Code ZIP pw:eip

This repository provides a detailed analysis of CVE-2020-36603, a vulnerability in the HoYoVerse Genshin Impact mhyprot2.sys anti-cheat driver that allows local privilege escalation (LPE) due to inadequate restrictions on unprivileged function calls. It includes references to technical writeups, exploit repositories, and real-world abuse cases but does not contain functional exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: mhyprot2.sys 1.0.0.0

No auth needed

Prerequisites: Administrative privileges to install the mhyprot2.sys driver · Local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory x_refsource_misc

https://github.com/kkent030315/evil-mhyprot-cli

Exploit, Third Party Advisory x_refsource_misc

https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html

Exploit, Press/Media Coverage, Third Party Advisory x_refsource_misc

https://www.vice.com/en/article/y3p35w/hackers-are-using-anti-cheat-in-genshin-impact-to-ransom-victims

Third Party Advisory x_refsource_misc

https://github.com/kagurazakasanae/Mhyprot2DrvControl

View Writeup ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://web.archive.org/web/20211204031301/https://www.godeye.club/2021/05/20/001-disclosure-mhyprot.html

Scores

CVSS v3 6.5

EPSS 0.0040

EPSS Percentile 32.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

hoyoverse/mhyprot2 1.0.0.0

Published Sep 14, 2022

Tracked Since Feb 18, 2026