CVE-2021-47767

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

1

0-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.

References

Link	Resource
https://www.10-strike.com/	Product
https://www.exploit-db.com/exploits/50494	Exploit
https://www.exploit-db.com/exploits/50494	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:10-strike:network_inventory_explorer:9.31:*:*:*:pro:*:*:*

History

30 Jan 2026, 20:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:10-strike:network_inventory_explorer:9.31::::pro:::
References	~~() https://www.10-strike.com/ -~~	() https://www.10-strike.com/ - Product
References	~~() https://www.exploit-db.com/exploits/50494 -~~	() https://www.exploit-db.com/exploits/50494 - Exploit
First Time		10-strike 10-strike network Inventory Explorer

15 Jan 2026, 19:16

Type	Values Removed	Values Added
References	~~() https://www.exploit-db.com/exploits/50494 -~~	() https://www.exploit-db.com/exploits/50494 -

15 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-15 16:16

Updated : 2026-01-30 20:00

NVD link : CVE-2021-47767

Mitre link : CVE-2021-47767

CVE.ORG link : CVE-2021-47767

JSON object : View

Products Affected

network_inventory_explorer

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2021-47767", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-15T16:16:08.170", "references": [{"url": "https://www.10-strike.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50494", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/50494", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions."}], "lastModified": "2026-01-30T20:00:34.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:10-strike:network_inventory_explorer:9.31:*:*:*:pro:*:*:*", "vulnerable": true, "matchCriteriaId": "F7CED6E9-86A3-4483-B0F1-95358C610A0E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}