PT-2021-14394 · Traccar · Traccar
Lowtananaev · Published 2021-02-02 · Updated 2021-02-08 · CVE-2021-21292
CVSS v3.1: 6.3 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Traccar versions prior to 4.12
Description:
Traccar is an open source GPS tracking system. The issue is an unquoted Windows binary path vulnerability, which affects only Windows installations. An attacker needs write access to the filesystem on the host machine to exploit it. If the Java path includes a space, the attacker can elevate their privileges to the same level as the Traccar service, which is system-level.
Recommendations:
For versions prior to 4.12, update to version 4.12 to resolve the issue. As a temporary workaround, consider restricting write access to the filesystem on the host machine to minimize the risk of exploitation. Additionally, ensure the Java path does not include any spaces to prevent privilege elevation.
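As an added example (not Traccar's own code), the following audit logic checks a Windows service command line for exactly the weakness described above, that is, an unquoted executable path that contains a space, and produces the quoted form that the fix relies on. The command lines and the `tracker-server.jar` name are constructed for illustration; in a real audit the command line would be read from the service's `ImagePath` registry value or from `Win32_Service.PathName`.

```python
import re
from dataclasses import dataclass


@dataclass
class AuditResult:
    executable: str        # the binary path as written in the command line
    arguments: str         # everything after the executable
    unquoted: bool         # True if the executable path is not wrapped in quotes
    contains_space: bool   # True if the executable path has at least one space

    @property
    def vulnerable(self) -> bool:
        # The weakness needs both conditions: Windows only tries the
        # ambiguous shorter paths when the path is unquoted AND contains a space.
        return self.unquoted and self.contains_space


def audit_command_line(cmd: str) -> AuditResult:
    """Split a service command line into executable and arguments and flag the weakness."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            raise ValueError("unterminated quote in command line")
        exe, args = cmd[1:end], cmd[end + 1:].strip()
        return AuditResult(exe, args, unquoted=False, contains_space=" " in exe)
    # Unquoted: treat everything up to and including the first ".exe" as the
    # executable (case-insensitive); fall back to the first space if no ".exe".
    m = re.match(r"(.*?\.exe)(?:\s+(.*))?$", cmd, re.IGNORECASE | re.DOTALL)
    if m:
        exe, args = m.group(1), m.group(2) or ""
    else:
        exe, _, args = cmd.partition(" ")
    return AuditResult(exe, args, unquoted=True, contains_space=" " in exe)


def quoted_form(cmd: str) -> str:
    """Return the command line with the executable path quoted (the remediation)."""
    r = audit_command_line(cmd)
    return f'"{r.executable}"' + (f" {r.arguments}" if r.arguments else "")


def audit_all(cmds: list[str]) -> list[str]:
    """Return the command lines that exhibit the unquoted-path weakness."""
    return [c for c in cmds if audit_command_line(c).vulnerable]


if __name__ == "__main__":
    # Constructed sample: a Java path with a space, once unquoted and once quoted.
    sample = [r"C:\Program Files\Java\bin\java.exe -jar tracker-server.jar",
              r'"C:\Program Files\Java\bin\java.exe" -jar tracker-server.jar']
    for c in audit_all(sample):
        print("WEAK:", c, "->", quoted_form(c))
```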
Fix
Weakness Enumeration
Related Identifiers
Affected Products:
Traccar