CVE-2024-37726

MEDIUM

MSI Center <2.0.36.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-37726. PoCs published by carsonchan12345, NextGenPentesters.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-37726, a local privilege escalation vulnerability in MSI Center. The exploit leverages file oplocks and directory junction manipulation to achieve elevation of privilege.

Description

Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe

Exploits (2)

nomisec WORKING POC 37 stars

by carsonchan12345 · poc

https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-37726, a local privilege escalation vulnerability in MSI Center. The exploit leverages file oplocks and directory junction manipulation to achieve elevation of privilege.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI Center (version not specified)

No auth needed

Prerequisites: Local access to the system · MSI Center installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by NextGenPentesters · poc

https://github.com/NextGenPentesters/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-37726, a local privilege escalation vulnerability in MSI Center. The exploit leverages arbitrary file overwrite via oplock manipulation and directory junction abuse to escalate privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: MSI Center (version not specified)

No auth needed

Prerequisites: Local access to the target system · MSI Center installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation

Scores

CVSS v3 6.8

EPSS 0.0086

EPSS Percentile 53.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-269

Status published

Published Jul 03, 2024

Tracked Since Feb 18, 2026