CVE-2020-37063
Unquoted Service Path in TFTP Turbo Allows Privileged Code Execution
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| weird_solutions | tftp_turbo | 4.6.1273 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in TFTP Turbo version 4.6.1273 on Windows. The service executable path contains spaces but is not enclosed in quotes, which allows a local attacker to place a malicious executable in a path that Windows misinterprets. When the service starts, it may execute the malicious code with elevated LocalSystem privileges, leading to arbitrary code execution. [1]
How can this vulnerability impact me? :
An attacker with local access can exploit this vulnerability to execute arbitrary code with LocalSystem privileges, which is the highest level of privilege on a Windows system. This can lead to full system compromise, unauthorized access, and control over the affected machine. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the service path for unquoted spaces in the TFTP Turbo 4 service configuration. For example, use the command `sc qc "TFTP Turbo 4"` on Windows to query the service configuration and inspect the BINARY_PATH_NAME. If the path contains spaces and is not enclosed in quotes (e.g., C:\Program Files\TFTP Turbo 4\tftpt.exe), the service is vulnerable to this unquoted service path issue. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service path to be properly quoted in the service configuration to prevent Windows from misinterpreting the path. Alternatively, move the executable to a path without spaces or apply the latest patches or updates from the vendor if available. Also, restrict local user permissions to prevent unauthorized code execution and consider disabling or stopping the service if it is not required. [1]