CVE-2024-57394

HIGH

Qi-ANXIN Tianqing Endpoint Security Management System v10.0 - Arbitrary File Write via Quarantine Restore Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57394. PoCs published by cwjchoi01.

AI-analyzed exploit summary: This PoC demonstrates a local privilege escalation (LPE) vulnerability in Qi-ANXIN Tianqing Endpoint Security Management System 10.0. It exploits a file restoration flaw to place a malicious DLL in `C:\Windows\System32` and leverages DLL hijacking via StorSvc to achieve SYSTEM privileges.

Description

The quarantine-restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows a user to restore a malicious file to an arbitrary file path. Attackers can write a malicious DLL to a system path and escalate privileges by leveraging Windows DLL hijacking vulnerabilities.

Exploits (1)

nomisec WORKING POC
by cwjchoi01 · poc
https://github.com/cwjchoi01/CVE-2024-57394

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Qi-ANXIN Tianqing Endpoint Security Management System 10.0
Auth required
Prerequisites: Low-privilege access to the target system · Ability to land a malicious DLL on the system · DLL must be quarantined by the EDR client
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/cwjchoi01/CVE-2024-57394

Scores

CVSS v3 8.8
EPSS 0.0047
EPSS Percentile 36.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-73
Status published
Products (1)
qianxin/tianqing_endpoint_security_management_system 10.0
Published Apr 21, 2025
Tracked Since Feb 18, 2026