CVE-2020-36933

HIGH

HTC IPTInstaller 4.0.9 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36933. PoCs published by SamAlucard.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in HTC IPTInstaller 4.0.9. The service 'PassThru Service' has a space in its path, which could allow local privilege escalation if an attacker can place a malicious executable in the path.

Description

HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.

Exploits (1)

exploitdb WRITEUP

by SamAlucard · textlocalwindows

https://www.exploit-db.com/exploits/49006

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in HTC IPTInstaller 4.0.9. The service 'PassThru Service' has a space in its path, which could allow local privilege escalation if an attacker can place a malicious executable in the path.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: HTC IPTInstaller 4.0.9

Auth required

Prerequisites: Local access to the system · Ability to write to the root of C:\

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources product

https://www.htc.com/latam/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/iptinstaller-passthru-service-unquoted-service-path

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/49006

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Published Jan 25, 2026

Tracked Since Feb 18, 2026