CVE-2016-20057
Received Received - Intake
Unquoted Service Path Vulnerability in NETGATE Registry Cleaner Enables Privilege Escalation

Publication date: 2026-04-04

Last updated on: 2026-04-20

Assigner: VulnCheck

Description
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-20
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2016-20057
EUVD
EUVD-2016-10864
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netgate registry_cleaner to 16.0.205 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in NETGATE Registry Cleaner build 16.0.205 is an unquoted service path privilege escalation issue in the NGRegClnSrv service.

Because the service binary path is not enclosed in quotes, a local attacker can place a malicious executable in a directory path that Windows parses before the legitimate service executable.

When the service restarts or the system reboots, Windows may execute the malicious executable instead of the intended one.

Since the service runs with LocalSystem privileges, this allows the attacker to escalate their privileges to SYSTEM level.

Impact Analysis

This vulnerability allows a local attacker with write access to certain directories to execute arbitrary code with elevated LocalSystem privileges.

The attacker can place a malicious executable in the unquoted service path and trigger its execution by restarting the service or rebooting the system.

As a result, the attacker gains full control over the affected system, potentially leading to unauthorized access, data theft, or system compromise.

Detection Guidance

This vulnerability can be detected by checking the service configuration for the NGRegClnSrv service to see if the service binary path is unquoted.

You can use the following Windows command to inspect the service configuration and verify if the path is unquoted:

  • sc qc NGRegClnSrv

If the binary path shown is not enclosed in quotes, it indicates the presence of the unquoted service path vulnerability.

Compliance Impact

The vulnerability allows local attackers to escalate privileges to LocalSystem by exploiting an unquoted service path, potentially enabling unauthorized access to sensitive system functions and data.

Such unauthorized privilege escalation can lead to violations of security requirements mandated by common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and system integrity.

If exploited, this vulnerability could result in unauthorized disclosure, modification, or destruction of protected information, thereby impacting compliance with these regulations.

Mitigation Strategies

To mitigate the unquoted service path vulnerability in NETGATE Registry Cleaner build 16.0.205, immediately verify the service binary path configuration using the command: sc qc NGRegClnSrv.

Ensure that the service path is properly quoted to prevent execution of malicious executables placed in directories parsed before the legitimate service executable.

Restrict write permissions on directories in the service path to prevent local attackers from placing malicious executables.

If possible, update or patch the software to a version where this vulnerability is fixed.

As a temporary measure, avoid restarting the NGRegClnSrv service or rebooting the system until the issue is resolved to prevent triggering the exploit.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2016-20057. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart