Stefan Petrushevski

**Name of the Vulnerable Software and Affected Versions** devolo dLAN Cockpit version 4.3.1 **Description** The software contains an unquoted service path issue in the 'DevoloNetworkService'. This allows local, non-privileged users to potentially execute arbitrary code. Exploitation involves leveraging the insecure service path configuration by placing malicious code in the system root path, which then executes with elevated privileges during application startup or system reboot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.