EIP-2026-117120

PRE-CVE

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117120. PoCs published by ZwX.

AI-analyzed exploit summary This exploit demonstrates an unquoted service path vulnerability in ELAN Smart-Pad's ETDService, allowing local privilege escalation by exploiting the service's binary path. The PoC shows the service configuration, confirming the unquoted path which can be abused to execute arbitrary code with SYSTEM privileges.

Description

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path

Exploits (1)

exploitdb WORKING POC

by ZwX · textlocalwindows

https://www.exploit-db.com/exploits/48009

View Code ZIP pw:eip

This exploit demonstrates an unquoted service path vulnerability in ELAN Smart-Pad's ETDService, allowing local privilege escalation by exploiting the service's binary path. The PoC shows the service configuration, confirming the unquoted path which can be abused to execute arbitrary code with SYSTEM privileges.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ELAN Smart-Pad 11.10.15.1

Auth required

Prerequisites: Local access to the target system · Ability to write to the root of the C: drive or another location in the unquoted path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026