EIP-2026-118000

PRE-CVE

Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118000. PoCs published by LiquidWorm.

AI-analyzed exploit summary The writeup describes an unquoted search path vulnerability in Telefonica O2 Connection Manager 8.7.6.792, where the 'TGCM_ImportWiFiSvc' service could allow local privilege escalation due to improper handling of the executable path. The advisory includes technical details such as service configuration and file permissions.

Description

Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/34967

View Code ZIP pw:eip

The writeup describes an unquoted search path vulnerability in Telefonica O2 Connection Manager 8.7.6.792, where the 'TGCM_ImportWiFiSvc' service could allow local privilege escalation due to improper handling of the executable path. The advisory includes technical details such as service configuration and file permissions.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Theoretical

Target: Telefonica O2 Connection Manager 8.7.6.792

Auth required

Prerequisites: Local access to the system · Ability to place executable in the system root path

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026