EIP-2026-117322

PRE-CVE

InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117322. PoCs published by Cyril Vallicari.

AI-analyzed exploit summary The exploit describes an unquoted service path vulnerability in ASUS InstantOn (InsOnSrv.exe) version 2.3.1.1, allowing local privilege escalation. The service path lacks quotes, enabling an attacker to place a malicious executable in a higher-priority directory to achieve SYSTEM privileges.

Description

InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Cyril Vallicari · textlocalwindows

https://www.exploit-db.com/exploits/40522

View Code ZIP pw:eip

The exploit describes an unquoted service path vulnerability in ASUS InstantOn (InsOnSrv.exe) version 2.3.1.1, allowing local privilege escalation. The service path lacks quotes, enabling an attacker to place a malicious executable in a higher-priority directory to achieve SYSTEM privileges.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ASUS InstantOn 2.3.1.1

Auth required

Prerequisites: Local access to the system · Ability to write to a directory in the service path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026