Primary

Context

NETGATE Data Backup Unquoted Service Path Vulnerability in NGDatBckpSrv

Vulnerability

A vulnerability exists in NETGATE Data Backup version 3.0.620 due to an unquoted service path in the NGDatBckpSrv Windows service. This flaw allows attackers to exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution with LocalSystem privileges.

Reproduction

The vulnerability can be reproduced by querying the service configuration for 'NGDatBckpSrv'. The unquoted service path can be exploited by placing an executable in a directory that the service will access, which will then be executed with elevated privileges.

Added: Feb 5, 2026, 12:40 AM

Updated: Feb 5, 2026, 12:40 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.2

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NETGATE Data Backup Unquoted Service Path Vulnerability in NGDatBckpSrv

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating