EIP-2026-118038

PRE-CVE

UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118038. PoCs published by Edgar Carrillo Egea.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in UDisk Monitor Z5 Phone's 'MonServiceUDisk.exe'. The author provides steps to identify the vulnerability using WMIC and SC commands, highlighting the lack of quotes around the service path, which could allow local privilege escalation.

Description

UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Edgar Carrillo Egea · textlocalwindows

https://www.exploit-db.com/exploits/50901

View Code ZIP pw:eip

This is a technical writeup detailing an unquoted service path vulnerability in UDisk Monitor Z5 Phone's 'MonServiceUDisk.exe'. The author provides steps to identify the vulnerability using WMIC and SC commands, highlighting the lack of quotes around the service path, which could allow local privilege escalation.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: UDisk Monitor Z5 Phone 2.0.3.0

Auth required

Prerequisites: Local access to the system · Service with unquoted path installed

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026