CVE-2024-10930

HIGH

Carrier Block Load - Uncontrolled Search Path Element

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-10930. PoCs published by sahil3276.

AI-analyzed exploit summary This repository provides a detailed technical writeup for CVE-2024-10930, a local privilege escalation vulnerability in Carrier's E20-BLK416X.EXE version 4.16. The vulnerability allows arbitrary code execution when a malicious binary is placed in the same directory as the installer and executed.

Description

An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

Exploits (1)

nomisec WRITEUP
by sahil3276 · poc
https://github.com/sahil3276/CVE-2024-10930

This repository provides a detailed technical writeup for CVE-2024-10930, a local privilege escalation vulnerability in Carrier's E20-BLK416X.EXE version 4.16. The vulnerability allows arbitrary code execution when a malicious binary is placed in the same directory as the installer and executed.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Carrier E20-BLK416X.EXE version 4.16
No auth needed
Prerequisites: Local access to the system · Ability to place a malicious binary in the same directory as the installer
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-01

Scores

CVSS v3 7.8
EPSS 0.0036
EPSS Percentile 27.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-427
Status published
Products (2)
carrier/block_load 4.00
carrier/block_load 4.10 - 4.16
Published Mar 04, 2025
Tracked Since Feb 18, 2026