Alcatel Flame II HSPA USB Modem Unquoted Service Path Vulnerability

A vulnerability exists in the Alcatel Flame II HSPA USB Modem due to an unquoted service path in its Windows service configuration. This flaw allows attackers to exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of code with elevated privileges on the affected system.

Reproduction

The vulnerability can be reproduced by creating a service with an unquoted path that includes spaces. This can be done using the Windows Service Control (sc) command. Once the service is created, it can be started, and the unquoted path will be used to execute the application, allowing for code execution with elevated privileges.