CVE-2020-37064
Unquoted Service Path in EPSON EasyMP Allows Local Code Execution
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| epson | easymp_network_projection | 2.81 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unquoted service path issue in EPSON EasyMP Network Projection version 2.81. The service 'EMP_NSWLSV' runs from a path that contains spaces but is not enclosed in quotes. This allows a local attacker to place a malicious executable in a directory with higher priority in the path, such as "C:\Program Files (x86)\EPSON", which could then be executed with LocalSystem privileges when the service starts. Essentially, it enables privilege escalation by exploiting how Windows handles unquoted service paths. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with LocalSystem privileges, which is the highest level of privilege on a Windows system. This can lead to full control over the affected system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full user rights. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the service path of the 'EMP_NSWLSV' service for unquoted spaces. On a Windows system, use the command: sc qc EMP_NSWLSV. If the binary path contains spaces and is not enclosed in quotes, the system is vulnerable. Additionally, you can manually inspect the service executable path at C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe to confirm the unquoted path issue. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the service path to include quotes around the executable path to prevent execution of malicious code. Alternatively, update or patch EPSON EasyMP Network Projection to a version where this issue is fixed. As a temporary workaround, ensure that no malicious executables exist in directories higher in the path hierarchy (e.g., C:\Program Files (x86)\EPSON) and restrict local user permissions to prevent placing malicious files there. [1]