CVE-2020-36903
Unknown Unknown - Not Provided
Unquoted Service Path Vulnerability in Selea CarPlateServer Allows Privilege Escalation

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36903
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
selea carplateserver 3.100
selea carplateserver 3.005
selea carplateserver 4.0.1.6
selea carplateserver 4.0.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-36903 is an unquoted service path vulnerability in Selea CarPlateServer versions up to 4.0.1.6 on Windows. The service's executable path is not enclosed in quotes, which allows a local, authorized but non-privileged user to place a malicious executable in a directory within the system root path. When the service starts or the system reboots, Windows may incorrectly interpret the unquoted path and execute the attacker's code with elevated LocalSystem privileges, leading to local privilege escalation. [1, 2, 3]

Impact Analysis

This vulnerability allows a local attacker with limited privileges to escalate their privileges to LocalSystem level by exploiting the unquoted service path. This means the attacker can execute arbitrary code with the highest system privileges, potentially gaining full control over the affected system, which can lead to unauthorized access, data manipulation, or disruption of services. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by checking the Windows service configuration for unquoted service paths related to Selea CarPlateServer. Specifically, you can query the service binary path to see if it is unquoted. For example, use the command: sc qc "Selea CarPlateServer" and inspect the BINARY_PATH_NAME field. If the path is not enclosed in quotes and contains spaces, it is vulnerable to this issue. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include enclosing the service binary path in quotes to prevent the unquoted service path vulnerability. Alternatively, update the Selea CarPlateServer software to a fixed version where this issue has been addressed. Additionally, restrict local user permissions to prevent unauthorized users from placing malicious executables in the system root path. Reboot the system or restart the service after applying fixes to ensure the changes take effect. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36903. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart