CVE-2020-37061

7.8 HIGH

📋 TL;DR

CVE-2020-37061 is an unquoted service path vulnerability in BOOTP Turbo 2.0.1214 that allows a local attacker to execute arbitrary code with SYSTEM privileges. The service's binary path is registered without quotes and contains spaces, so when the Service Control Manager starts the service it tries each space-delimited prefix of the path (with .exe appended where the prefix has no extension) and runs the first file that exists. A local user who can write to a directory earlier in that path can plant an executable there, and it runs as LocalSystem the next time the service starts. This affects systems running the vulnerable version of BOOTP Turbo.

💻 Affected Systems

Products:
  • BOOTP Turbo
Versions: 2.0.1214
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system. The service runs with LocalSystem privileges by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SYSTEM privileges, allowing attackers to install persistent backdoors, steal credentials, or deploy ransomware.

🟠

Likely Case

Local privilege escalation leading to lateral movement within the network, credential harvesting, and persistence establishment.

🟢

If Mitigated

Limited impact if every directory along the service path is writable only by administrators (so no one can plant a binary ahead of the real one) and the service runs under a low-privileged account rather than LocalSystem.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and write permission on at least one directory along the unquoted service path that the Service Control Manager searches before reaching the real binary. The planted file is then executed with SYSTEM privileges when the service next starts (after a reboot, or after a service restart if the attacker can trigger one).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.weird-solutions.com

Restart Required: Yes

Instructions:

1. Check the vendor website for an updated build.
2. If no patch is available, apply the workarounds below.
3. Consider replacing the product with alternative software.

🔧 Temporary Workarounds

Quote Service Path

windows

Rewrite the service's binary path so the executable path is wrapped in quotes. The service name and install path in the command below are the ones this page assumes; take the real values from the BINARY_PATH_NAME line of sc qc before running it, keep the space after binPath= (sc requires it), and restart the service afterwards so the new path takes effect.

sc config "BOOTP Turbo" binPath= "\"C:\Program Files\BOOTP Turbo\bootp.exe\""

Restrict Directory Permissions

windows

First confirm which directories along the path a standard user can actually write to (icacls <directory> lists the current ACL; a default Windows install does not grant standard users the right to create files in C:\ or C:\Program Files, so the writable directory is usually one created by the installer with weak permissions), then remove write access for non-administrative users from those directories. The example below applies a deny ACE to all of Program Files; target the specific writable directory where possible, since a broad deny can break software that legitimately writes under its own install folder.

icacls "C:\Program Files" /deny Users:(OI)(CI)W

🧯 If You Can't Patch

  • Remove or disable the BOOTP Turbo service if not required
  • Run the service with a lower-privileged account instead of LocalSystem (this limits what a planted binary gains, but does not remove the hijack itself; the planted file would still run as that account)

🔍 How to Verify

Check if Vulnerable:

Check whether BOOTP Turbo 2.0.1214 is installed, then run sc qc "BOOTP Turbo" (substitute the real service name from sc query if it differs) and inspect the BINARY_PATH_NAME line: the service is vulnerable if the path is not wrapped in quotes and contains a space before the .exe. SERVICE_START_NAME shows the account it runs as (LocalSystem by default).

Check Version:

Check the program version in Control Panel or in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (or HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall for a 32-bit install on 64-bit Windows); the DisplayVersion value of the BOOTP Turbo entry holds the version.

Verify Fix Applied:

Re-run sc qc and confirm BINARY_PATH_NAME now starts and ends with a quote, then confirm with icacls that no directory on the path grants write or create-file rights to Users or Authenticated Users.
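The check above, and the path-resolution behaviour described under Exploit Status, carried out in code as an added example (this is not BOOTP Turbo's or the vendor's code, and the service name, display name and install path in the constructed `sc qc` sample are the ones this page's workaround assumes, not values captured from a real install). The script parses `sc qc` output, derives the files the Service Control Manager would try in order for the unquoted path, and lists the directories whose ACLs decide whether the hijack is possible; a second sample shows the same service after the quoting workaround.

```python
import ntpath
import re
from typing import Dict, List

# Constructed `sc qc` output for the unquoted case. The service name, display
# name and install path are the ones this page's workaround assumes; they are
# not captured from a real BOOTP Turbo 2.0.1214 install.
SC_QC_UNQUOTED = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: BOOTP Turbo
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootp.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : BOOTP Turbo
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""

# The same service after `sc config ... binPath=` has wrapped the path in quotes.
SC_QC_QUOTED = SC_QC_UNQUOTED.replace(
    r"BINARY_PATH_NAME   : C:\Program Files\BOOTP Turbo\bootp.exe",
    r'BINARY_PATH_NAME   : "C:\Program Files\BOOTP Turbo\bootp.exe"',
)

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")


def parse_sc_qc(text: str) -> Dict[str, str]:
    """Turn `sc qc` output into a field -> value map. Continuation lines of
    DEPENDENCIES carry no field name and are skipped."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def hijack_candidates(image_path: str) -> List[str]:
    r"""Files CreateProcess tries, in order, for a service command line.
    A quoted path is unambiguous. An unquoted one is split at every space and
    each prefix is tried, with .exe appended when the prefix has no extension,
    so C:\Program Files\BOOTP Turbo\bootp.exe yields C:\Program.exe first."""
    image_path = image_path.strip()
    if image_path.startswith('"'):
        return [image_path[1:image_path.index('"', 1)]]
    tokens = image_path.split(" ")
    candidates: List[str] = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def assess(sc_qc_text: str) -> Dict[str, object]:
    """Vulnerable when the path is unquoted and more than one candidate exists.
    Each directory holding an earlier candidate is where a planted binary would
    go, so those are the ACLs to check with icacls."""
    f = parse_sc_qc(sc_qc_text)
    path = f.get("BINARY_PATH_NAME", "")
    cands = hijack_candidates(path)
    dirs: List[str] = []
    for c in cands[:-1]:
        d = ntpath.dirname(c)
        if d not in dirs:
            dirs.append(d)
    return {
        "service": f.get("SERVICE_NAME", ""),
        "image_path": path,
        "quoted": path.strip().startswith('"'),
        "runs_as": f.get("SERVICE_START_NAME", ""),
        "candidates": cands,
        "dirs_to_audit": dirs,
        "vulnerable": len(cands) > 1,
    }


if __name__ == "__main__":
    for label, text in (("before fix", SC_QC_UNQUOTED), ("after fix", SC_QC_QUOTED)):
        print(label, assess(text))
```

On a live host, feed the output of `sc qc <service>` to `assess` and run `icacls` on each entry of `dirs_to_audit`; the first candidate that a standard user could create is the hijack point. The Windows resolution rule implemented in `hijack_candidates` is general, so the same function works for any unquoted service path, not only the one this page assumes.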

📡 Detection & Monitoring

Log Indicators:

  • Service Control Manager events: System log Event ID 7045 (a service was installed) for BOOTP Turbo with an unquoted ImagePath, and Event ID 7040 (service start type changed); later changes to the service's ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services\<service name> are visible through registry auditing (Security Event ID 4657) or Sysmon Event ID 13
  • Process creation events (Security 4688 or Sysmon Event ID 1) with services.exe as the parent where the image sits directly in a drive root or directly under Program Files (for example C:\Program.exe or C:\Program Files\BOOTP.exe), i.e. at one of the prefixes of the unquoted path rather than inside the product's own folder

Network Indicators:

  • Unusual outbound connections from systems running BOOTP Turbo

SIEM Query:

(EventID=7045 AND ServiceName="BOOTP Turbo" AND ImagePath contains " " AND NOT ImagePath starts with '"')
OR
(ProcessCreation WHERE ParentImage ends with "\services.exe" AND (Image="C:\Program.exe" OR Image="C:\Program Files\BOOTP.exe"))

The parentheses matter: the quote check applies only to the 7045 ImagePath field, not to process creation events. The two literal image names are the prefixes of the install path this page assumes; derive them from the real BINARY_PATH_NAME on your hosts.
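The same two detection rules run over sample telemetry, as an added example that is not part of this page or of any vendor tooling. The events are constructed: the 7045 entries use the System-log field names, the process creations use Sysmon Event ID 1 field names (Image, ParentImage), and the BOOTP Turbo service name and install path are the ones this page assumes. The second rule is written generically (any SCM-spawned process whose image sits directly in a drive root or directly under Program Files) so it covers other unquoted-path hijacks as well, not only this product.

```python
import ntpath
import re
from typing import Dict, List, Tuple

Event = Dict[str, object]

# Constructed sample events, not real telemetry. Service name and path are the
# ones this page assumes for BOOTP Turbo.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 7045, "ServiceName": "BOOTP Turbo",
     "ImagePath": r"C:\Program Files\BOOTP Turbo\bootp.exe"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 7045, "ServiceName": "SomeAgent",
     "ImagePath": r'"C:\Program Files\Some Agent\agent.exe" -service'},
    # legitimate service start: the real binary inside the product folder
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Program Files\BOOTP Turbo\bootp.exe"},
    # hijack: the SCM resolved the unquoted path to a planted BOOTP.exe
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Program Files\BOOTP.exe"},
    # same kind of file name but launched by a user, not by the SCM: out of scope
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program.exe"},
]

# Directories where prefixes of an unquoted path land (lower-cased, no trailing \).
SUSPICIOUS_PARENT_DIRS = {"c:", "c:\\program files", "c:\\program files (x86)"}


def exe_head(command_line: str) -> str:
    """Portion of an unquoted command line up to and including the first
    '.exe', which is the part the SCM resolves as a path; arguments are dropped."""
    m = re.match(r"(.*?\.exe)", command_line, re.IGNORECASE)
    return m.group(1) if m else command_line


def is_unquoted_service_install(ev: Event) -> bool:
    """Rule 1: a service was installed with an unquoted path containing a space."""
    if ev.get("EventID") != 7045:
        return False
    path = str(ev.get("ImagePath", "")).strip()
    return not path.startswith('"') and " " in exe_head(path)


def is_service_binary_in_hijack_dir(ev: Event) -> bool:
    r"""Rule 2: a process started by services.exe whose image lives directly in a
    drive root or directly under Program Files (e.g. C:\Program.exe or
    C:\Program Files\BOOTP.exe), where a planted prefix binary would sit."""
    if ev.get("EventID") != 1:
        return False
    parent = str(ev.get("ParentImage", "")).lower()
    if not parent.endswith("\\services.exe"):
        return False
    image_dir = ntpath.dirname(str(ev.get("Image", ""))).lower().rstrip("\\")
    return image_dir in SUSPICIOUS_PARENT_DIRS


RULES = [
    ("unquoted_service_path", is_unquoted_service_install),
    ("service_binary_in_hijack_dir", is_service_binary_in_hijack_dir),
]


def hunt(events: List[Event]) -> List[Tuple[str, Event]]:
    """Return (rule name, event) for every event that matches a rule."""
    hits: List[Tuple[str, Event]] = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                hits.append((name, ev))
    return hits


if __name__ == "__main__":
    for name, ev in hunt(SAMPLE_EVENTS):
        print(f"[{name}] {ev}")
```

Rule 1 fires once, at install time, so it catches the weak configuration rather than an attack; Rule 2 is the one that indicates an actual hijack, since the SCM only ever launches a prefix file when it exists. The explorer-spawned C:\Program.exe is deliberately not flagged here: it may be an attacker staging the payload, but it is not a service start, and a separate file-creation rule on those directories is the better signal for that stage.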
