支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:736

73.6%
立即捐款
一、 漏洞 CVE-2021-47810 基础信息
漏洞信息
                                        # WibuKey Runtime 6.51 服务路径漏洞

N/A
神龙判断

是否为 Web 类漏洞: 未知

判断理由:

N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
来源:美国国家漏洞数据库 NVD
漏洞描述信息
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
未经引用的搜索路径或元素
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2021-47810 的公开POC
#POC 描述源链接神龙链接
三、漏洞 CVE-2021-47810 的情报信息

  • 标题: Wibu-Systems | Software Protection, Software Licensing, Access Protection, Document Protection - Wibu-Systems -- 🔗来源链接

    标签:product

    神龙速读:
                                            从网页截图中可以获取到以下关于漏洞的关键信息:

- ### Key Information on Vulnerabilities
  - **CodeMeter License Reporting**: 
    - Offers insights into software usage and licensing data.
    - Helps in unlocking insights for strategic decisions.
    - Supports software licensing and protects against cyber threats.

- ### Vulnerability-Related Highlights
  - **Protection**: Safeguards digital assets from counterfeiting and reverse engineering.
  - **Security**: Enhances resilience against cyber threats, sabotage, and unauthorized manipulation.

- ### Events Related to Security and Licensing
  - **Licensing-as-a-Service for Software Businesses That Need to Move Fast**: Discusses rapid licensing solutions.
  - **Roadshow Hamburg, Stuttgart**: Likely to cover advances in security and software protection.

- ### Blog Entries
  - **Cyber Resilience Act**: Discusses its implications for software security.
  - **Edge ecosystem security and monetization**: Focuses on enhancing security in edge computing environments.

- ### Additional Security Information
  - News and Clips sections provide updates on security measures and industry standards.
    Wibu-Systems | Software Protection, Software Licensing, Access Protection, Document Protection - Wibu-Systems

  • 标题: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path - Windows local Exploit -- 🔗来源链接

    标签:exploit

    神龙速读:
                                            ## 漏洞关键信息

- **漏洞标题**: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
- **EDB-ID**: 49999
- **CVE**: N/A
- **作者**: Brian Rodriguez
- **类型**: LOCAL
- **平台**: WINDOWS
- **日期**: 2021-06-14
- **漏洞类型**: Unquoted Service Path
- **测试版本**: 6.51
- **测试环境**: Windows 10 Enterprise

### 发现步骤
```bash
wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """"
```

### 服务信息
- **LOAD_ORDER_GROUP**: 
- **TAG**: 0
- **DISPLAY_NAME**: WIBU-KEY Server
- **DEPENDENCIES**: 
- **SERVICE_START_NAME**: LocalSystem
    WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path - Windows local Exploit

  • 标题: User Software - Wibu-Systems -- 🔗来源链接

    标签:product

    神龙速读:
                                            从下面的标注文字中我们可以获取到关于漏洞的关键信息如下:

- **CodeMeter User Runtime for OS X, macOS**: 
  - **Note**: As of version 7.10, CodeMeter Runtime no longer contains a Kernel Extension (kext). If you use a CmDongle, it is recommended to check the communication mode prior to upgrading. If your CmDongle is already configured as HID, nothing has to be changed. Otherwise please contact support to learn how to reconfigure your CmDongle before upgrading.

- **CodeMeter - No Longer Maintained Operating Systems**:
  - **Note**: In this download area old versions of CodeMeter are published for operating systems that are no longer maintained. These versions don't contain current security fixes and are not supported anymore.
    User Software - Wibu-Systems

  • 标题: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path | Advisories | VulnCheck -- 🔗来源链接

    标签:third-party-advisory

    神龙速读:
                                            ### WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path

#### Severity
- HIGH

#### Date
- January 15, 2026

#### Affecting
- WibuKey Runtime 6.51

#### Description
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.

#### References
- [ExploitDB-49999](#)
- [Vendor Homepage](#)
- [Software Download Page](#)

#### Credit
Brian Rodriguez

#### CVSSv3 Score & Vector
- 7.8/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
```

This markdown captures the key information about the vulnerability, including its severity, date, description, references, and the CVSSv3 score.
    WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path | Advisories | VulnCheck
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47810
四、漏洞 CVE-2021-47810 的评论

暂无评论

发表评论