Vendor: FLAME II HSPA USB MODEM Service
By: Ismael Nava
CVSS: 7.8 HIGH
Unquoted Service Path
CWE: 822
Product Name: FLAME II HSPA USB MODEM Service
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:telcel:flame_ii_hspa_usb_modem_service
Metasploit:
Other Scripts:
Platforms Tested: Windows 10 64 BITS
2022

FLAME II MODEM USB – Unquoted Service Path

FLAME II MODEM USB is affected by an Unquoted Service Path vulnerability. The service's binary path contains spaces and is not enclosed in quotation marks, so Windows can interpret the path ambiguously when it starts the service. An attacker can exploit this to have malicious code run through the service path and gain elevated privileges on the system; the service is configured to start as LocalSystem.

Mitigation:

Ensure that all service paths are quoted and that all services are running with the least privileges.
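
One way to check for this condition, as an added example that is not part of the original advisory or of the vendor's software: a Python audit that separates the program part of a service ImagePath from its arguments, flags only unquoted program paths that contain spaces, and returns the quoted form to configure. All service names and paths other than the one taken from the `sc qc` output on this page are constructed, and the function names are this example's own.

```python
import re

# End of the program part of an ImagePath: an executable extension followed
# by whitespace or end of string.
_PROGRAM_END = re.compile(r"\.(?:exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def split_image_path(image_path):
    """Split a service ImagePath into (program, arguments, was_quoted)."""
    s = image_path.strip()
    if s.startswith('"'):
        close = s.find('"', 1)
        if close != -1:
            return s[1:close], s[close + 1:].strip(), True
        s = s[1:]  # unterminated quote: treat the rest as unquoted
    match = _PROGRAM_END.search(s)
    if match:
        return s[:match.end()], s[match.end():].strip(), False
    program, _, arguments = s.partition(" ")  # no known extension: first token
    return program, arguments.strip(), False


def audit(image_path):
    """Flag an unquoted program path containing spaces; give the quoted form."""
    program, arguments, quoted = split_image_path(image_path)
    return {
        "vulnerable": not quoted and " " in program,
        "quoted_form": f'"{program}"' + (f" {arguments}" if arguments else ""),
    }


def find_unquoted(services):
    """Return the names of services whose ImagePath needs quoting."""
    return [name for name, path in services.items() if audit(path)["vulnerable"]]


# First entry is the path shown in the sc qc output on this page; the other
# service names and paths are constructed for illustration.
SERVICES = {
    "FLAME II HSPA USB MODEM Service":
        r"C:\Program Files (x86)\Internet Telcel\ApplicationController.exe",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "ExampleArgsOnly": r"C:\Tools\agent.exe --config C:\My Data\agent.ini",
    "ExampleSvchost": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name in find_unquoted(SERVICES):
        print(name, "->", audit(SERVICES[name])["quoted_form"])
```

Unlike a filter that only looks for the absence of a quote character, this check does not flag `ExampleArgsOnly`, where the only spaces are in the arguments after the executable.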

Exploit-DB raw data:

# Exploit Title: FLAME II MODEM USB - Unquoted Service Path
# Discovery by: Ismael Nava
# Discovery Date: 02-02-2022
# Vendor Homepage: https://www.telcel.com/personas/equipos/modems-usb/alcatel/x602a
# Software Links : N/A (Is a BAM)
# Tested Version: N/A
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 64 BITS


C:>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
FLAME II HSPA USB MODEM Service		FLAME II HSPA USB MODEM Service		C:\Program Files (x86)\Internet Telcel\ApplicationController.exe                                                                                                                                                                                   Auto

C:>sc qc "FLAME II HSPA USB MODEM Service"
[SC] QueryServiceConfig CORRECTO

NOMBRE_SERVICIO: FLAME II HSPA USB MODEM Service
        TIPO               : 10  WIN32_OWN_PROCESS
        TIPO_INICIO        : 2   AUTO_START
        CONTROL_ERROR      : 1   NORMAL
        NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\Internet Telcel\ApplicationController.exe
        GRUPO_ORDEN_CARGA  :
        ETIQUETA           : 0
        NOMBRE_MOSTRAR     : FLAME II HSPA USB MODEM Service
        DEPENDENCIAS       :
        NOMBRE_INICIO_SERVICIO: LocalSystem