CVE-2021-47828

HIGH

BOOTP Turbo <2.0.0.1253 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47828. PoCs published by Erick Galindo.

AI-analyzed exploit summary This exploit describes an unquoted service path vulnerability in BOOTP Turbo 2.0.0.1253, which could allow local privilege escalation by exploiting the service's executable path. The writeup includes steps to identify the vulnerability but does not provide executable PoC code.

Description

BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.

Exploits (1)

exploitdb WRITEUP
by Erick Galindo · textlocalwindows
https://www.exploit-db.com/exploits/49851

This exploit describes an unquoted service path vulnerability in BOOTP Turbo 2.0.0.1253, which could allow local privilege escalation by exploiting the service's executable path. The writeup includes steps to identify the vulnerability but does not provide executable PoC code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: BOOTP Turbo 2.0.0.1253
Auth required
Prerequisites: Local access to the target system · Ability to write to the vulnerable service path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49851
Various Sources product
https://www.weird-solutions.com

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Published Jan 16, 2026
Tracked Since Feb 18, 2026