CVE-2020-36928
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36928
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
brother bragent 1.38
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in Brother BRAgent version 1.38's 'WBA_Agent_Client' Windows service. Because the service executable path contains spaces and is not enclosed in quotes, an attacker with local access can place a malicious executable in a directory path segment that Windows interprets before the legitimate service executable. When the service starts, it executes the malicious code with elevated LocalSystem privileges, allowing privilege escalation. [1, 3]

Impact Analysis

If exploited, this vulnerability allows an attacker with local access to execute arbitrary code with system-level privileges on the affected machine. This can lead to full control over the system, including compromising confidentiality, integrity, and availability of data and services. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically the 'WBA_Agent_Client' service. You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (sc) commands to identify services with unquoted paths that start automatically and are not located in the Windows directory. For example, use the command: wmic service get name,pathname,startmode | findstr /i "WBA_Agent_Client" to find the service path, and then check if the path is unquoted. Additionally, use sc qc WBA_Agent_Client to query the service configuration and verify if the executable path is unquoted. [1]

Mitigation Strategies

Immediate mitigation steps include enclosing the service executable path in quotes to prevent path parsing issues. Specifically, update the 'WBA_Agent_Client' service path from an unquoted path like C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe to a quoted path "C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe". This can be done by editing the service configuration using the sc command or registry editor. Additionally, ensure that only trusted users have write permissions to directories in the service path to prevent malicious executable placement. If possible, apply any vendor patches or updates addressing this issue. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36928. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart