CVE-2016-20092 | NetDrive 2.6.12 contains an unquoted service path vulnerabil… | CVSS 7.8 HIGH

Description

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

Metadata

CVE ID: CVE-2016-20092
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:23 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Netdrive / NetDrive
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Netdrive	NetDrive	—	2.6.12

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

ExploitDB-40422 https://www.exploit-db.com/exploits/40422
Official Product Homepage http://www.netdrive.net/
Product Reference http://www.netdrive.net/download
VulnCheck Advisory: NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege https://www.vulncheck.com/advisories/netdrive-unquoted-service-path-elevation-of-privilege