CVE-2021-47886
Unquoted Service Path in PingzapperSvc Enables Local Code Execution
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fyrolabs | pingzapper | 2.3.1 |
| fyrolabs | pingzapper | 3.1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47886 is an unquoted service path vulnerability in Pingzapper version 2.3.1 affecting the PingzapperSvc service. The service executable path 'C:\Program Files (x86)\Pingzapper\PZService.exe' is unquoted despite containing spaces. This misconfiguration allows local attackers to place malicious executables in a path that Windows might execute with elevated privileges when the service starts, potentially leading to arbitrary code execution and privilege escalation. [2, 3]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker to execute arbitrary code with elevated privileges on the affected system by exploiting the unquoted service path. This means an attacker could escalate their privileges and potentially take full control of the system, compromising confidentiality, integrity, and availability. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unquoted service paths in Windows services, specifically the 'PingzapperSvc' service. Commands such as 'wmic service get name,pathname,startmode | findstr /i "Auto"' can be used to list services with auto-start mode and their executable paths. Then, inspect the paths for unquoted strings containing spaces, like 'C:\Program Files (x86)\Pingzapper\PZService.exe'. Additionally, the 'sc qc PingzapperSvc' command can be used to query the configuration of the specific service to verify if the executable path is unquoted. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include correcting the unquoted service path by enclosing the executable path in quotes to prevent Windows from misinterpreting the path and executing malicious files. Alternatively, updating Pingzapper to a version later than 2.3.1 (such as version 3.1.7) may resolve the issue if the vendor has patched the vulnerability. Restricting local user access to prevent unauthorized file placement in the affected directories can also reduce risk. [1, 2, 3]