CVE-2021-47773

HIGH

Dynojet Power Core 2.3.0 - Code Injection

Title source: llm

Description

Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.

Exploits (1)

exploitdb WRITEUP

by Pedro Sousa Rodrigues · textlocalwindows

https://www.exploit-db.com/exploits/50466

View Code ZIP pw:eip

References (2)

[Exploit] https://www.exploit-db.com/exploits/50466

[Product] https://www.dynojet.com/

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

dynojet/power_core 2.3.0

Published Jan 15, 2026

Tracked Since Feb 18, 2026