CVE-2020-36938

HIGH

WinAVR <20100110 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36938. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary: This is a writeup detailing insecure folder permissions in WinAVR 20100110, where authenticated users have modify (M) permissions on critical DLLs and executables, potentially allowing DLL hijacking or replacement attacks.

Description

WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.

Exploits (1)

exploitdb WRITEUP
by Mohammed Alshehri · text · local · windows
https://www.exploit-db.com/exploits/49379


Classification: Writeup 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: WinAVR Version 20100110
Auth required
Prerequisites: Authenticated user access to the system · WinAVR 20100110 installed with default permissions
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49379

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 9.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-732
Status published
Products (1)
WinAVR/WinAVR 20100110
Published Jan 27, 2026
Tracked Since Feb 18, 2026