CVE-2020-36929
8.5
Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: disclosure@vulncheck.com (Secondary)
Description
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
Affected (1)
Products: Brother: Brprint Auditor
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Brother: Brprint Auditor | Version 3.0.7 |
References (5)
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Exploit, Third Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit, Third Party Advisory
Timeline (15)
2/9/2026 (6 changes)
Initial Analysis - Reference Type
03:02 PM
- -
+ VulnCheck: https://www.vulncheck.com/advisories/brother-brprint-auditor-multiple-unquoted-service-path Types: Third Party Advisory
Initial Analysis - Reference Type
03:02 PM
- -
+ VulnCheck: https://www.exploit-db.com/exploits/50005 Types: Exploit, Third Party Advisory
Initial Analysis - Reference Type
03:02 PM
- -
+ CISA-ADP: https://www.exploit-db.com/exploits/50005 Types: Exploit, Third Party Advisory
Initial Analysis - Reference Type
03:02 PM
- -
+ VulnCheck: https://support.brother.com/g/s/id/common_download/en/auditor_pro3.html?c=be&lang=nl&redirect=on Types: Product
Initial Analysis - Reference Type
03:02 PM
- -
+ VulnCheck: https://support.brother.com/g/s/id/common_download/en/auditor_pro3.html?c=be&lang=fr&redirect=on Types: Product
Initial Analysis - CPE Configuration
03:02 PM
- -
+ OR
*cpe:2.3:a:brother:brprint_auditor:3.0.7:*:*:*:*:*:*:*
1/16/2026 (9 changes)
CVE Modified - Reference
05:15 PM
- -
+ https://www.exploit-db.com/exploits/50005
New CVE Received - Reference
12:16 AM
- -
+ https://www.vulncheck.com/advisories/brother-brprint-auditor-multiple-unquoted-service-path
New CVE Received - Reference
12:16 AM
- -
+ https://www.exploit-db.com/exploits/50005
New CVE Received - Reference
12:16 AM
- -
+ https://support.brother.com/g/s/id/common_download/en/auditor_pro3.html?c=be&lang=nl&redirect=on
New CVE Received - Reference
12:16 AM
- -
+ https://support.brother.com/g/s/id/common_download/en/auditor_pro3.html?c=be&lang=fr&redirect=on
New CVE Received - CWE
12:16 AM
- -
+ CWE-428
New CVE Received - CVSS V3.1
12:16 AM
- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
New CVE Received - CVSS V4.0
12:16 AM
- -
+ AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
12:16 AM
- -
+ Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.