CVE-2021-47878
Unquoted Service Path in eBeam Device Service Enables Privilege Escalation
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| luidia | ebeam_education_suite | 2.5.0.9 |
| luidia | ebeam_device_service | 2.5.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47878 is an unquoted service path vulnerability in the eBeam Device Service of eBeam Education Suite version 2.5.0.9. Because the service executable path contains spaces but is not enclosed in quotes, a local attacker can place a malicious executable in a directory path that the system searches before the legitimate executable during service startup. This causes the malicious code to execute with elevated LocalSystem privileges, allowing the attacker to run arbitrary code with high-level access on the affected system. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation on the affected system. A local attacker who exploits the unquoted service path can execute arbitrary code with LocalSystem privileges, which is the highest level of access on a Windows system. This can allow the attacker to install malware, modify system settings, or take full control of the system, potentially compromising the confidentiality, integrity, and availability of the system and its data. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the service executable path for unquoted spaces in the eBeam Device Service configuration. On Windows systems, you can use the command: sc qc "eBeam Device Service" to query the service configuration and inspect the BINARY_PATH_NAME for unquoted paths containing spaces. If the path is unquoted and contains spaces, it is vulnerable to this issue. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the service executable path by adding quotes around the path in the service configuration to prevent path hijacking. Alternatively, ensure that no malicious executables exist in directories that precede the legitimate service path. Restrict local user permissions to prevent placing executables in these directories. Applying vendor patches or updates when available is also recommended. [1, 3]