CVE-2021-47869
Unknown Unknown - Not Provided
Unquoted Service Path Vulnerability in Brother BRAdmin Enables Local Code Execution

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47869
EUVD
EUVD-2026-3638
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
brother bradmin_professional 3.75
brother bradmin_professional 3.76
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47869 is an unquoted service path vulnerability in Brother BRAdmin Professional version 3.75, specifically in the BRA_Scheduler service. Because the service path contains spaces and is not enclosed in quotes, a local attacker with write access to the Brother installation directory (C:\Program Files (x86)\Brother\) can place a malicious executable named 'BRAdmin.exe' there. When the system restarts, the service may execute this malicious executable instead of the legitimate one, allowing the attacker to run arbitrary code with SYSTEM-level privileges, effectively escalating their privileges on the system. [2, 3, 5]

Impact Analysis

This vulnerability can allow a local user with write access to the Brother installation directory to escalate their privileges to SYSTEM level by executing arbitrary code. This means an attacker could gain full control over the affected system, potentially adding new administrator accounts, installing malware, or performing other malicious actions with the highest system privileges. [2, 3, 5]

Detection Guidance

This vulnerability can be detected by inspecting the service path of the BRA_Scheduler service to check for unquoted paths. You can use the following commands: - To detect the unquoted service path: wmic service get name, pathname, displayname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\" | findstr /i "BRAdmin" | findstr /i /v '"' - To query the service configuration: sc qc BRA_Scheduler These commands help identify if the BRA_Scheduler service has an unquoted path that could be exploited. [2, 3]

Mitigation Strategies

Immediate mitigation steps include: - Restrict write permissions to the directory 'C:\Program Files (x86)\Brother\' to prevent unauthorized users from placing a malicious executable named 'BRAdmin.exe'. - Quote the service path for the BRA_Scheduler service to ensure Windows correctly interprets the executable path and does not execute malicious files placed in the directory. - Consider updating or patching the BRAdmin Professional software if a fixed version is available. - As a temporary measure, monitor the directory for suspicious files named 'BRAdmin.exe' and remove any unauthorized executables. - Restart the system after applying these mitigations to ensure the service runs with the corrected path or permissions. [2, 5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47869. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart