CVE-2021-47882

HIGH

FreeLAN 2.2 - Unquoted Service Path Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47882. PoCs published by Mohammed Alshehri.

AI-analyzed exploit summary This is a writeup describing an unquoted service path vulnerability in FreeLAN 2.2, which could allow privilege escalation during system startup or reboot. The exploit details are theoretical and lack executable PoC code.

Description

FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup.

Exploits (1)

exploitdb WRITEUP
by Mohammed Alshehri · textlocalwindows
https://www.exploit-db.com/exploits/49630

This is a writeup describing an unquoted service path vulnerability in FreeLAN 2.2, which could allow privilege escalation during system startup or reboot. The exploit details are theoretical and lack executable PoC code.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Theoretical
Target: FreeLAN 2.2
Auth required
Prerequisites: Local access to the system · Ability to write to the vulnerable path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49630

Scores

CVSS v3 7.8
EPSS 0.0014
EPSS Percentile 3.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
FreeLAN/FreeLAN 2.2
Published Jan 21, 2026
Tracked Since Feb 18, 2026