CVE-2021-47773

HIGH

Dynojet Power Core 2.3.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47773. PoCs published by Pedro Sousa Rodrigues.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in Dynojet Power Core 2.3.0. The service path is modifiable by authenticated users, allowing potential privilege escalation to Local System.

Description

Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit the unquoted binary path by placing malicious executables in the service's file path to gain Local System access.

Exploits (1)

exploitdb WRITEUP

by Pedro Sousa Rodrigues · textlocalwindows

https://www.exploit-db.com/exploits/50466

View Code ZIP pw:eip

This is a writeup describing an unquoted service path vulnerability in Dynojet Power Core 2.3.0. The service path is modifiable by authenticated users, allowing potential privilege escalation to Local System.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Dynojet Power Core 2.3.0 (Build 303)

Auth required

Prerequisites: Authenticated user access · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit

https://www.exploit-db.com/exploits/50466

Product product

https://www.dynojet.com/

Scores

CVSS v3 7.8

EPSS 0.0027

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

dynojet/power_core 2.3.0

Published Jan 15, 2026

Tracked Since Feb 18, 2026