WifiHotSpot Unquoted Service Path Vulnerability Allowing Elevated Privileges
Vulnerability
The service path for WifiHotSpotService.exe in WifiHotSpot version 1.0.0.0 is unquoted, which allows local attackers to execute code with elevated privileges. When a service path that contains spaces is not enclosed in quotes, Windows may resolve an earlier portion of the path as the executable. The unquoted path can be exploited during system startup or reboot, enabling the injection and execution of malicious executables with LocalSystem permissions.
Impact
Exploitation of this vulnerability could lead to unauthorized code execution with elevated privileges, with the attacker's payload running as the LocalSystem user.
Reproduction
The vulnerability can be reproduced through the unquoted service path of WifiHotSpotService.exe: a malicious executable injected into the unquoted path is executed with LocalSystem privileges when the service starts automatically during system boot or reboot.
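The following defensive check is an added example, not code from the advisory or the vendor. It flags unquoted service ImagePath values that contain spaces, lists the earlier paths Windows would try to resolve (these must not exist, and their parent folders must not be writable by standard users), and produces the quoted value to set instead. The install path and the other two services are constructed samples, since the advisory does not give the real install location.

```python
import re

# Constructed sample ImagePath values (assumption: the real WifiHotSpot
# install path is not stated in the advisory, so a placeholder is used).
SAMPLE_SERVICES = {
    "WifiHotSpotService": r"C:\Program Files\Example Vendor\WifiHotSpot\WifiHotSpotService.exe",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Agent\agent.exe" --run',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def executable_part(image_path):
    """Return the unquoted path up to the first '.exe', or None if quoted."""
    p = image_path.strip()
    if p.startswith('"'):
        return None  # already quoted, not ambiguous
    m = re.match(r"^(.*?\.exe)(?=\s|$)", p, re.IGNORECASE)
    return m.group(1) if m else None

def ambiguous_candidates(image_path):
    """Paths Windows tries before the intended one for an unquoted path."""
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return []
    parts = exe.split(" ")
    # Each space is a possible end of the executable name; '.exe' is appended.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]

def quoted_fix(image_path):
    """Return the ImagePath with the executable quoted, arguments preserved."""
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return image_path
    return '"' + exe + '"' + image_path.strip()[len(exe):]

def audit(services):
    """Map each vulnerable service name to its candidates and corrected path."""
    findings = {}
    for name, path in services.items():
        candidates = ambiguous_candidates(path)
        if candidates:
            findings[name] = {"candidates": candidates, "fix": quoted_fix(path)}
    return findings

if __name__ == "__main__":
    for name, info in audit(SAMPLE_SERVICES).items():
        print(name, "is unquoted; review:", info["candidates"])
        print("  corrected ImagePath:", info["fix"])
```

On a live host, the same functions can be fed the ImagePath values read from each service's registry entry.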
