CVE-2021-43458

HIGH

Vembu BDR 4.2.0.1 - Unquoted Service Path

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43458. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary This exploit describes an unquoted service path vulnerability in Vembu BDR 4.2.0.1 U1, where services with unquoted paths could allow local privilege escalation by executing arbitrary code during system startup or reboot.

Description

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.

Exploits (1)

exploitdb WRITEUP

by Mohammed Alshehri · textlocalwindows

https://www.exploit-db.com/exploits/49641

View Code ZIP pw:eip

This exploit describes an unquoted service path vulnerability in Vembu BDR 4.2.0.1 U1, where services with unquoted paths could allow local privilege escalation by executing arbitrary code during system startup or reboot.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Vembu BDR 4.2.0.1 U1

Auth required

Prerequisites: Local access to the system · Ability to write to the file system in the service path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://github.com/M507/Miner

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/49641

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/198151

Scores

CVSS v3 7.8

EPSS 0.0045

EPSS Percentile 35.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-428

Status published

Products (1)

vembu/bdr_suite 4.2.0.1 update1

Published Apr 04, 2022

Tracked Since Feb 18, 2026