CVE-2021-47880
Unknown Unknown - Not Provided
Unquoted Service Path in Realtek WLAN Utility Enables Privilege Escalation

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47880
EUVD
EUVD-2026-3631
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
realtek wireless_lan_utility 700.1631
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in the Realtek Wireless LAN Utility version 700.1631, specifically in the 'Realtek11nSU' Windows service. Because the service executable path contains spaces but is not enclosed in quotes, a local attacker can place a malicious executable in a directory along the path. When the service starts or the system reboots, the system might execute the malicious code with elevated system privileges, as the service runs under the LocalSystem account with automatic startup enabled. This allows local users to potentially execute arbitrary code with high privileges. [1, 3]

Impact Analysis

This vulnerability can lead to privilege escalation on affected systems. A local attacker with access can exploit the unquoted service path to execute malicious code with elevated system privileges (LocalSystem), potentially compromising the entire system. This could allow the attacker to gain full control over the system, bypass security controls, and perform unauthorized actions. [1, 3]

Detection Guidance

You can detect this vulnerability by checking the service path of the 'Realtek11nSU' Windows service to see if it is unquoted and contains spaces. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc Realtek11nSU. If the path shown is unquoted and contains spaces (e.g., C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe), the system is vulnerable. Additionally, you can manually inspect the service executable path in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Realtek11nSU to verify if the path is unquoted. [1, 3]

Mitigation Strategies

Immediate mitigation steps include quoting the service path to prevent the unquoted service path vulnerability. This can be done by modifying the service executable path to be enclosed in double quotes, for example: "C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe". Alternatively, you can temporarily disable the 'Realtek11nSU' service to prevent it from starting until a patch or update is applied. Ensuring that only trusted users have local access to the system can also reduce risk. Monitoring for suspicious executables in the directories along the service path is recommended until the issue is resolved. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47880. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart