Huawei MBAMainService Unquoted Service Path

Huawei MBAMainService suffers from an unquoted service path vulnerability.

MD5 | 55ae69fbec82f1800a281425857b95a0

# Exploit Title: Huawei "MBAMainService" Unquoted Service Path
# Date: 2020-12-14
# Exploit Author: Andrea Bocchetti
# Vendor Homepage:
# Software Link:
# Category:Local
# Tested on: Microsoft Windows 10 Pro ( 10.0.19041.488)

# Step to discover the unquoted Service:
C:\Users\user>wmic service get name, displayname, pathname, startmode |
findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """

C:\Users\Andrea>sc qc "MBAMainService"

[image: 56565.JPG]

Related Posts