EIP-2026-117681

PRE-CVE

Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117681. PoCs published by Tulpa.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in Netgear Genie 2.4.32, which could allow local privilege escalation (LPE) due to the service path containing spaces and lacking quotes. The author provides proof of the vulnerability via service configuration details but does not include functional exploit code.

Description

Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by Tulpa · textlocalwindows

https://www.exploit-db.com/exploits/40442

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path vulnerability in Netgear Genie 2.4.32, which could allow local privilege escalation (LPE) due to the service path containing spaces and lacking quotes. The author provides proof of the vulnerability via service configuration details but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Netgear Genie 2.4.32

Auth required

Prerequisites: Local access to the system · Ability to write to the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026