CVE-2020-37250 | TFTP Broadband 4.3.0.1465 contains an unquoted service path … | CVSS 7.8 HIGH

Description

TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during service startup or system reboot with LocalSystem privileges.

Metadata

CVE ID: CVE-2020-37250
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-19 13:57 UTC
Published: 2026-06-19 14:16 UTC
Last updated: 2026-06-19 14:16 UTC
Primary CWE: CWE-428
Unquoted Search Path or Element
Vendor / Product: Weird-Solutions / TFTP Broadband
Sources: cve.org · NVD

Severity & Metrics

7.8 HIGH CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
Weird-Solutions	TFTP Broadband	—	4.3.0.1465

Weakness (CWE)

CWE	Source	Description
CWE-428	cna	Unquoted Search Path or Element

CVSS scores (2)

Score	Severity	Version	Source	Vector
8.5	HIGH	4.0	cna	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8	HIGH	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (3)

ExploitDB-49852 https://www.exploit-db.com/exploits/49852
Official Product Homepage https://www.weird-solutions.com
VulnCheck Advisory: TFTP Broadband 4.3.0.1465 Unquoted Service Path Privilege Escalation https://www.vulncheck.com/advisories/tftp-broadband-unquoted-service-path-privilege-escalation