CVE-2021-28271

HIGH

Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-28271. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit describes an insecure permissions vulnerability in SOYAL 701 Server 9.0.1, where the executable file has full permissions for 'Everyone' and 'Authenticated Users', allowing privilege escalation via binary replacement. The proof-of-concept demonstrates the vulnerability using the `cacls` command output.

Description

Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · textlocalwindows
https://www.exploit-db.com/exploits/49678

The exploit describes an insecure permissions vulnerability in SOYAL 701 Server 9.0.1, where the executable file has full permissions for 'Everyone' and 'Authenticated Users', allowing privilege escalation via binary replacement. The proof-of-concept demonstrates the vulnerability using the `cacls` command output.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: SOYAL 701 Server 9.0.1 and 8.0.6
Auth required
Prerequisites: Authenticated access to the system · Ability to replace the executable file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/49678
Exploit, Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5633.php

Scores

CVSS v3 8.8
EPSS 0.0187
EPSS Percentile 76.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (3)
soyal/701clientsql 10.0 - 10.2
soyal/701server < 9.0.2
soyal/701serversql 10.0 - 10.2
Published Apr 27, 2021
Tracked Since Feb 18, 2026