Alps Pointing-Device Controller Unquoted Service Path Vulnerability in ApHidMonitorService
Vulnerability
A local privilege escalation vulnerability has been identified in the Alps Pointing-device Controller version 8.1202.1711.04. The issue resides in the ApHidMonitorService, which has an unquoted service path: the path to the service executable is registered without enclosing quotation marks, so Windows resolves it ambiguously at each space in the path. This allows local attackers to execute code with elevated privileges. By placing a malicious executable in the service path, attackers can gain system-level access when the service is restarted or the system is rebooted.
Impact
Exploitation of this vulnerability allows for local privilege escalation, enabling attackers to execute code with elevated privileges on the system.
Reproduction
The vulnerability can be reproduced by placing a malicious executable in the unquoted service path of the ApHidMonitorService. After placing the executable, restarting the service or rebooting the system will execute the malicious code with elevated privileges.
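To check a host for this condition, the following added example (not code from the advisory or the vendor) flags service paths that are unquoted and contain a space, and prints the quoted form to use as the fix. The function name `Test-UnquotedServicePath` is hypothetical and the sample paths are constructed, since the advisory does not give the real path of ApHidMonitorService.

```powershell
# Added example: detect unquoted service paths and suggest the quoted value.
function Test-UnquotedServicePath {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$PathName
    )
    $path = $PathName.Trim()

    # A path that already starts with a quote is parsed unambiguously.
    if ($path.StartsWith('"')) { return $null }

    # Separate the executable from its arguments at the first ".exe".
    if ($path -match '^(?<exe>.+?\.exe)(?<rest>\s.*)?$') {
        $exe  = $Matches['exe']
        $rest = $Matches['rest']      # $null when there are no arguments
    } else {
        $exe  = $path
        $rest = ''
    }

    # Without a space in the executable path there is no ambiguity.
    if ($exe -notmatch '\s') { return $null }

    [pscustomobject]@{
        Name               = $Name
        CurrentPathName    = $PathName
        # Value to store as ImagePath under
        # HKLM\SYSTEM\CurrentControlSet\Services\<Name> to remove the ambiguity.
        SuggestedImagePath = ('"{0}"{1}' -f $exe, $rest)
    }
}

# Constructed sample records (not real paths from the affected product).
$samples = @(
    [pscustomobject]@{ Name = 'SampleUnquoted'; PathName = 'C:\Program Files\Example Vendor\Example Tool\monitor.exe -svc' }
    [pscustomobject]@{ Name = 'SampleQuoted';   PathName = '"C:\Program Files\Example Vendor\Example Tool\monitor.exe" -svc' }
    [pscustomobject]@{ Name = 'SampleNoSpace';  PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

# Only SampleUnquoted is reported.
$samples |
    ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName } |
    Format-List

# On a live Windows host, feed real services in instead of the samples:
# Get-CimInstance Win32_Service | Where-Object PathName |
#     ForEach-Object { Test-UnquotedServicePath -Name $_.Name -PathName $_.PathName }
```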
