CVE-2020-37250
Awaiting Analysis
Awaiting Analysis - Queue
TFTP Broadband Unquoted Service Path Privilege Escalation
Vulnerability report for CVE-2020-37250, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-19
Last updated on: 2026-06-22
Assigner: VulnCheck
Description
Description
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tftp_broadband | tftp_broadband | 4.3.0.1465 |
| weird_solutions | tftp_broadband | 4.3.0.1465 |
| weird_solutions | tftp_broadband | to 4.3.0.1465 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |