CVE-2021-47767

HIGH

10-Strike Network Inventory Explorer Pro 9.31 - Unquoted Service Path Privilege Escalation via srvInventoryWebServer

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47767. PoCs published by Brian Rodriguez.

AI-analyzed exploit summary This is a writeup detailing an unquoted service path vulnerability in 10-Strike Network Inventory Explorer Pro 9.31. The vulnerability allows local privilege escalation due to improper handling of spaces in the service path.

Description

10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

Exploits (1)

exploitdb WRITEUP
by Brian Rodriguez · textlocalwindows
https://www.exploit-db.com/exploits/50494

This is a writeup detailing an unquoted service path vulnerability in 10-Strike Network Inventory Explorer Pro 9.31. The vulnerability allows local privilege escalation due to improper handling of spaces in the service path.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: 10-Strike Network Inventory Explorer Pro 9.31
Auth required
Prerequisites: Local access to the target system · Ability to execute commands with sufficient privileges to exploit the unquoted service path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Product product
https://www.10-strike.com/

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
10-strike/network_inventory_explorer 9.31
Published Jan 15, 2026
Tracked Since Feb 18, 2026