EIP-2026-117978

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117978. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation vulnerability in Sygate Personal Firewall by sending a crafted IOCTL request to the kernel-space NDIS driver device (\\.\Teefer) to disable the firewall's fail-closed functionality. The code opens a handle to the device and sends a specific control code (0x212094) with a zeroed buffer to manipulate the driver's state.

Description

Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tan Chew Keong · textlocalwindows

https://www.exploit-db.com/exploits/24200

View Code ZIP pw:eip

This exploit demonstrates a local privilege escalation vulnerability in Sygate Personal Firewall by sending a crafted IOCTL request to the kernel-space NDIS driver device (\\.\Teefer) to disable the firewall's fail-closed functionality. The code opens a handle to the device and sends a specific control code (0x212094) with a zeroed buffer to manipulate the driver's state.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Sygate Personal Firewall (version not specified)

No auth needed

Prerequisites: Local access to the system · Sygate Personal Firewall installed and running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass

Exploitation Summary

Description

Exploits (1)

Details