Lucene search
Joseph Kwabena FiagborEDB-ID:51977HistoryApr 12, 2024 - 12:00 a.m.
Terratec dmx_6fire USB - Unquoted Service Path
2024-04-1200:00:00
Joseph Kwabena Fiagbor
www.exploit-db.com
58
terratec
usb
service path
vulnerability
privilege escalation
# Exploit Title: Terratec dmx_6fire USB - Unquoted Service Path
# Google Dork: null
# Date: 4/10/2024
# Exploit Author: Joseph Kwabena Fiagbor
# Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/
# Software Link:
# Version: v.1.23.0.02
# Tested on: windows 7-11
# CVE : CVE-2024-31804
1. Description:
The Terratec dmx_6fire usb installs as a service with an unquoted service
path running
with SYSTEM privileges.
This could potentially allow an authorized but non-privileged local
user to execute arbitrary code with elevated privileges on the system.
2. Proof
> C:\Users\Astra>sc qc "ttdmx6firesvc"
> {SC] QueryServiceConfig SUCCESS
>
> SERVICE_NAME: ttdmx6firesvc
> TYPE : 10 WIN32_OWN_PROCESS
> START_TYPE : 2 AUTO_START
> ERROR_CONTROL : 1 NORMAL
> BINARY_PATH_NAME : C:\Program Files\TerraTec\DMX6FireUSB\ttdmx6firesvc.exe -service
> LOAD_ORDER_GROUP : PlugPlay
> TAG : 0
> DISPLAY_NAME : DMX6Fire Control
> DEPENDENCIES : eventlog
> : PlugPlay
> SERVICE_START_NAME : LocalSystem
>
>Related
zdt
zdt
Terratec dmx_6fire USB - Unquoted Service Path Vulnerability
2024-04-12 00:00:00
cve
cve
CVE-2024-31804
2024-04-23 15:15:49
cvelist
cvelist
CVE-2024-31804
2024-04-23 00:00:00
nvd
nvd
CVE-2024-31804
2024-04-23 15:15:49
packetstorm
packetstorm
Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path
2024-04-12 00:00:00