CVE-2020-37250
Received Received - Intake
TFTP Broadband Unquoted Service Path Privilege Escalation

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2020-37250
EUVD
EUVD-2020-31251
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tftp_broadband tftp_broadband 4.3.0.1465
weird_solutions tftp_broadband 4.3.0.1465
weird_solutions tftp_broadband to 4.3.0.1465 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-428 The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37250 is an unquoted service path vulnerability in the tftpt.exe service binary of TFTP Broadband version 4.3.0.1465. Because the service path is not properly enclosed in quotes, local attackers can place a malicious executable in the Program Files directory path. When the service starts or the system reboots, this malicious executable can be run with LocalSystem privileges, allowing arbitrary code execution.

Impact Analysis

This vulnerability allows local attackers to escalate their privileges by executing arbitrary code with system-level (LocalSystem) privileges. This means an attacker could gain full control over the affected system, potentially installing malware, stealing data, or disrupting system operations.

Detection Guidance

This vulnerability can be detected by checking if the service path for the tftpt.exe service binary is unquoted. Specifically, you need to verify whether the service path contains spaces and is not enclosed in quotation marks.

On a Windows system, you can use the following command to check the service path for the TFTP Broadband service:

  • sc qc "TFTP Broadband"

Look for the BINARY_PATH_NAME output. If the path contains spaces and is not enclosed in quotes (e.g., C:\Program Files\TFTP Broadband 4\tftpt.exe without quotes), the system is vulnerable.

Additionally, you can use PowerShell to query the service path:

  • Get-WmiObject win32_service | Where-Object { $_.Name -eq 'TFTP Broadband' } | Select-Object PathName

Review the PathName property for unquoted paths with spaces.

Mitigation Strategies

To mitigate this vulnerability, immediately ensure that the service path for the tftpt.exe executable is properly quoted to prevent execution of malicious executables placed in directories with spaces.

You can do this by modifying the service configuration to enclose the executable path in quotation marks. For example, change the service path from:

  • C:\Program Files\TFTP Broadband 4\tftpt.exe

to

  • "C:\Program Files\TFTP Broadband 4\tftpt.exe"

Alternatively, you can uninstall or stop the vulnerable service until a patched version is available.

Restrict local user permissions to prevent unauthorized users from placing executables in the Program Files directory.

Compliance Impact

The provided information does not specify how the unquoted service path vulnerability in TFTP Broadband 4.3.0.1465 directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37250. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart