CVE-2021-47767

HIGH

10-strike Network Inventory Explorer - Privilege Escalation

Title source: rule

Description

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

Exploits (1)

exploitdb WRITEUP

by Brian Rodriguez · textlocalwindows

https://www.exploit-db.com/exploits/50494

View Code ZIP pw:eip

References (2)

[Exploit] https://www.exploit-db.com/exploits/50494

[Product] https://www.10-strike.com/

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

10-strike/network_inventory_explorer 9.31

Published Jan 15, 2026

Tracked Since Feb 18, 2026