CVE-2023-54353

HIGH

Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54353. PoCs published by Laguin Benjamin.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in Chromacam 4.0.3.0, where the service path contains spaces and lacks quotes, allowing an attacker with write permissions to plant a malicious executable in the path. The writeup includes discovery steps and exploitation details.

Description

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files (x86)\Personify\ can place a malicious Program.exe or PsyFrameGrabberService.exe file that executes with LocalSystem privileges when the service starts automatically at boot.

Exploits (1)

exploitdb WRITEUP

by Laguin Benjamin · textlocalwindows

https://www.exploit-db.com/exploits/51210

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path vulnerability in Chromacam 4.0.3.0, where the service path contains spaces and lacks quotes, allowing an attacker with write permissions to plant a malicious executable in the path. The writeup includes discovery steps and exploitation details.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Chromacam 4.0.3.0

Auth required

Prerequisites: Write access to C:\Program Files (x86)\ or subdirectories · Service restart or system reboot

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-51210

https://www.exploit-db.com/exploits/51210

Product product

Official Product Homepage

https://personifyinc.com/

Product product

Product Reference

https://personifyinc.com/download/chromacam

Third Party Advisory third-party-advisory

VulnCheck Advisory: Chromacam 4.0.3.0 Unquoted Service Path Privilege Escalation

https://www.vulncheck.com/advisories/chromacam-unquoted-service-path-privilege-escalation

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Personifyinc/Chromacam 4.0.3.0

Published Jun 19, 2026

Tracked Since Jun 19, 2026