BOOTP Turbo Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in BOOTP Turbo version 2.0.1214 due to an unquoted service path. This flaw allows local attackers to execute arbitrary code with elevated privileges. Exploitation involves injecting malicious code into the unquoted executable path, which is then executed when the service starts under the LocalSystem account.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of code with elevated system privileges.
Reproduction
The vulnerability can be reproduced by exploiting the unquoted service path of the BOOTP Turbo application. After injecting malicious code into the executable path, the service can be restarted, triggering the execution of the injected code with LocalSystem privileges.
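To find services exposed to this class of flaw, the following added example (not part of the original advisory or the vendor's code) audits service ImagePath strings for unquoted paths that contain spaces and proposes the quoted form. The service names and paths are constructed samples, and the extension list used to separate the executable from its arguments is an assumption.

```python
import re

# Assumed extension list, used to find where an unquoted image path ends.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)

def split_image_path(image_path):
    """Split a service ImagePath into (executable, arguments, quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end != -1:
            return s[1:end], s[end + 1:].strip(), True
        s = s[1:]  # unbalanced quote: handle the rest as unquoted
    m = _EXE_END.search(s)
    if m:
        return s[:m.end()], s[m.end():].strip(), False
    return s, "", False

def ambiguous_candidates(exe):
    """Shorter paths Windows may resolve an unquoted path to, one per space."""
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def audit(services):
    """Return a finding for each service whose path is unquoted and has spaces."""
    findings = []
    for name, image_path in services.items():
        exe, args, quoted = split_image_path(image_path)
        if quoted or " " not in exe:
            continue
        findings.append({
            "service": name,
            "image_path": image_path,
            # These files should not exist on a clean host.
            "unexpected_if_present": ambiguous_candidates(exe),
            "quoted_fix": ('"%s" %s' % (exe, args)).strip(),
        })
    return findings

# Constructed sample values (not BOOTP Turbo's real path); on a live host the
# strings come from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.
SAMPLE = {
    "ExampleSvc": r"C:\Program Files\Example Vendor\svc.exe -run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" -run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Writing the `quoted_fix` value back as the service's ImagePath removes the ambiguity, since a quoted path is resolved as a single executable name.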
