CVE-2020-37062
Unknown Unknown - Not Provided
Unquoted Service Path Vulnerability in DHCP Turbo Enables Privilege Escalation

Publication date: 2026-02-01

Last updated on: 2026-02-01

Assigner: VulnCheck

Description
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-01
Last Modified
2026-02-01
Generated
2026-06-16
AI Q&A
2026-02-01
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37062
EUVD
EUVD-2020-30967
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weird_solutions dhcp_turbo 4.61298
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unquoted service path issue in DHCP Turbo version 4.6.1298. Because the service binary path is not enclosed in quotes, a local attacker can place a malicious executable in a path segment that the system might execute instead of the intended service binary. This allows the attacker to execute arbitrary code with elevated privileges when the service starts. [1]

Impact Analysis

If exploited, this vulnerability can allow a local attacker to escalate their privileges to those of the LocalSystem account, effectively gaining full control over the affected system. This can lead to unauthorized code execution, system compromise, and potential data breaches. [1]

Detection Guidance

You can detect this vulnerability by checking the service binary path for unquoted spaces. On Windows, use the command: sc qc "DHCP Turbo 4" to query the service configuration and inspect the BINARY_PATH_NAME for missing quotes around the path. If the path is unquoted and contains spaces, the system is vulnerable to this unquoted service path issue. [1]

Mitigation Strategies

To mitigate this vulnerability, immediately update the service binary path to include quotes around the entire path to prevent the system from misinterpreting the path segments. Alternatively, ensure that no malicious executables can be placed in any directory segments of the service path. Running the service with the least privileges necessary and restricting local user access can also reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart