Primary

Context

Brother BRPrint Auditor Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability exists in Brother BRPrint Auditor version 3.0.7 due to unquoted service paths in its Windows service configurations. This flaw allows local attackers to execute arbitrary code by injecting malicious executables into the exploited services, BrAuSvc and BRPA_Agent, potentially leading to elevated privileges on the system.

Impact

Exploitation of this vulnerability could allow local attackers to execute arbitrary code with elevated privileges.

Reproduction

The vulnerability can be reproduced by installing Brother BRPrint Auditor 3.0.7 on a Windows system. After installation, the unquoted service paths can be verified using the Windows Management Instrumentation Command-line (WMIC) tool. The service names 'BrAuSvc' and 'BRPA_Agent' will display unquoted file paths that can be exploited to inject malicious executables.

Added: Jan 16, 2026, 12:58 AM

Updated: Jan 16, 2026, 12:58 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.6

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.6

remediation

0.0

relevance

2.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Brother BRPrint Auditor Unquoted Service Path Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating