PT-2026-3149 · Brother · Brother Bragent+1
Brian Rodriguez
·
Publicado
2026-01-15
·
Atualizado
2026-02-09
·
CVE-2020-36928
CVSS v4.0
8.5
Alta
| Vetor | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Brother BRAgent version 1.38
Description
The software contains an unquoted service path vulnerability within the WBA Agent Client service, which operates with LocalSystem privileges. An attacker can exploit the unquoted path located at C:Program Files (x86)BrotherBRAgent to inject and execute malicious code, gaining elevated system permissions.
Recommendations
Ensure the service path for WBA Agent Client is enclosed in quotes.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Brother Bragent
Bragent