CVE-2023-44976

LOW · EXPLOITED

Hangzhou Shunwang Rentdrv2 <2024-12-24 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2023-44976 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including keowu.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-44976, which involves a vulnerable driver (rentdrv2.sys) that allows arbitrary process termination via IOCTL calls. The PoC includes driver installation, service management, and process killing capabilities.

Description

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.

Exploits (1)

nomisec WORKING POC 105 stars
by keowu · local
https://github.com/keowu/BadRentdrv2

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: rentdrv2.sys (unknown version)
No auth needed
Prerequisites: Windows system with vulnerable rentdrv2.sys driver · Ability to execute code on the target system
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 3.2
EPSS: 0.0016
EPSS Percentile: 6.1%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

VulnCheck KEV: 2023-11-23
CWE: CWE-782
Status: published
Products (2):
Hangzhou Shunwang/Rentdrv2 1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3
Hangzhou Shunwang/Rentdrv2 9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5
Published: Aug 01, 2025
Tracked Since: Feb 18, 2026