CVE-2021-47880
Unquoted Service Path in Realtek WLAN Utility Enables Privilege Escalation
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| realtek | wireless_lan_utility | 700.1631 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in the Realtek Wireless LAN Utility version 700.1631, specifically in the 'Realtek11nSU' Windows service. Because the service executable path contains spaces but is not enclosed in quotes, a local attacker can place a malicious executable in a directory along the path. When the service starts or the system reboots, the system might execute the malicious code with elevated system privileges, as the service runs under the LocalSystem account with automatic startup enabled. This allows local users to potentially execute arbitrary code with high privileges. [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation on affected systems. A local attacker with access can exploit the unquoted service path to execute malicious code with elevated system privileges (LocalSystem), potentially compromising the entire system. This could allow the attacker to gain full control over the system, bypass security controls, and perform unauthorized actions. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the service path of the 'Realtek11nSU' Windows service to see if it is unquoted and contains spaces. On a Windows system, you can use the following command in an elevated command prompt or PowerShell to check the service path: sc qc Realtek11nSU. If the path shown is unquoted and contains spaces (e.g., C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe), the system is vulnerable. Additionally, you can manually inspect the service executable path in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Realtek11nSU to verify if the path is unquoted. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include quoting the service path to prevent the unquoted service path vulnerability. This can be done by modifying the service executable path to be enclosed in double quotes, for example: "C:\Program Files (x86)\Realtek\Wireless LAN Utility\RtlService.exe". Alternatively, you can temporarily disable the 'Realtek11nSU' service to prevent it from starting until a patch or update is applied. Ensuring that only trusted users have local access to the system can also reduce risk. Monitoring for suspicious executables in the directories along the service path is recommended until the issue is resolved. [1, 3]