CVE-2022-50808
Unknown Unknown - Not Provided
Unquoted Service Path in CoolerMaster MPService Enables Privilege Escalation

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: VulnCheck

Description
CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. Attackers can drop a malicious executable in the service path and trigger code execution during service startup or system reboot.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50808
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coolermaster masterplus 1.8.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in CoolerMaster MasterPlus version 1.8.5's MPService. Because the service executable path contains spaces and is not enclosed in quotes, Windows may misinterpret the path and execute a malicious executable placed by a local attacker in a higher-priority directory during service startup or system reboot. This allows the attacker to execute code with SYSTEM-level privileges by placing a crafted payload named "Program.exe" in locations like the root of the C: drive and then restarting the service or rebooting the system. [1, 2]

Impact Analysis

This vulnerability can allow a local attacker to escalate their privileges to SYSTEM level on the affected machine. By exploiting the unquoted service path, the attacker can execute arbitrary code with elevated system privileges, potentially leading to full control over the system, unauthorized access to sensitive data, and the ability to perform malicious actions that require high-level permissions. [1, 2]

Detection Guidance

You can detect this vulnerability by checking for unquoted service paths in the CoolerMaster MasterPlus MPService. One method is to use the Windows Management Instrumentation Command-line (WMIC) to list services with auto start mode and filter out those with paths under C:\Windows\, revealing unquoted paths. For example, you can run the command: wmic service where "startmode='auto' and pathname like '%CoolerMaster%'" get name,pathname,startmode. Then inspect the service path for unquoted spaces, such as C:\Program Files (x86)\CoolerMaster\MasterPlus\MPService.exe. If the path is unquoted and contains spaces, it is vulnerable. [1]

Mitigation Strategies

Immediate mitigation steps include quoting the service executable path to prevent Windows from misinterpreting the path and executing malicious executables. Alternatively, you can restrict write permissions on directories in the service path to prevent attackers from placing malicious executables. Additionally, avoid placing executables in directories that are higher in the path hierarchy (e.g., C:\) where an attacker could drop a malicious Program.exe. Restarting the service or system after applying these mitigations will prevent exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50808. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart