CVE-2022-50921

7.8 HIGH

📋 TL;DR

CVE-2022-50921 is an unquoted service path vulnerability in WOW21 5.0.1.9 that allows local attackers to execute arbitrary code with SYSTEM privileges. Because the service's binary path contains spaces and is not enclosed in quotes, Windows can resolve it to an executable placed earlier along that path, which then runs at service startup. This affects systems running the vulnerable WOW21 software version.

💻 Affected Systems

Products:
  • WOW21
Versions: 5.0.1.9
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows systems where the WOW21 service is installed with an unquoted path in the service configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with LocalSystem privileges leading to persistent backdoor installation, credential theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to gain SYSTEM privileges on the compromised host.

🟢 If Mitigated

Limited impact if proper file permissions restrict write access to system directories and service paths are properly quoted.

🌐 Internet-Facing: LOW - This requires local access to the system, not directly exploitable over the network.
🏢 Internal Only: HIGH - Internal attackers with local access can exploit this for privilege escalation and persistence.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to the system. Proof of concept code is publicly available on Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://web.archive.org/web/20220220170535/https://wow21.life/

Restart Required: Yes

Instructions:

1. Check vendor website for updated version.
2. If patch available, download and install.
3. Restart the WOW21 service.
4. Verify the service path is now properly quoted.

🔧 Temporary Workarounds

Quote Service Path

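Manually edit the Windows service configuration to add quotes around the binary path. Run the command from an elevated Command Prompt and keep the space after binPath=, which sc requires: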

sc config "WOWService" binPath= "\"C:\Program Files\WOW21\wowservice.exe\""

Restrict Directory Permissions

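On Windows, set strict ACLs on every directory in the service path to prevent unauthorized file creation. A Deny entry for Everyone also applies to administrators and SYSTEM, so confirm that the service and its updates still work after applying it: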

icacls "C:\Program Files\WOW21" /deny Everyone:(OI)(CI)W

🧯 If You Can't Patch

  • Remove unnecessary write permissions from directories in the service path hierarchy
  • Monitor for unauthorized file creation in system directories and service paths

🔍 How to Verify

Check if Vulnerable:

Run: sc qc "WOWService" and check whether BINARY_PATH_NAME contains spaces and is not enclosed in double quotes

Check Version:

Check WOW21 application version in Control Panel > Programs and Features or via the application interface

Verify Fix Applied:

Run: sc qc "WOWService" and verify the binary path is properly quoted with double quotes
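
The check above, automated as an added example (not part of the original advisory or the vendor's code): it parses `sc qc` output, flags an unquoted path with spaces, and lists the files Windows would try before the real image under the documented CreateProcess search order, which are the locations to ACL-check and monitor. The sample output is constructed from the service name and path used on this page, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample of `sc qc "WOWService"` output. The service name and path
# are the ones this page uses; confirm the real values on the host.
SAMPLE_SC_QC = r"""
SERVICE_NAME: WOWService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\Program Files\WOW21\wowservice.exe
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_output):
    """Return the BINARY_PATH_NAME value from `sc qc` output, or None."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.*?)\s*$", sc_qc_output, re.M)
    return m.group(1) if m else None

def image_part(path):
    """Heuristic: the command line up to the first token ending in .exe."""
    path = path.strip()
    m = re.search(r"\.exe(?=\s|$)", path, re.I)
    return path[:m.end()] if m else path

def is_unquoted_with_spaces(path):
    """True when the image path contains a space and is not wrapped in quotes."""
    return not path.strip().startswith('"') and " " in image_part(path)

def paths_tried_first(path):
    """Files Windows tries before the real image, per the CreateProcess rules:
    the command line is cut at each space and .exe is appended to a name
    that has no extension. These are the locations to ACL-check and monitor."""
    if not is_unquoted_with_spaces(path):
        return []
    image, found = image_part(path), []
    for i, ch in enumerate(image):
        if ch != " ":
            continue
        prefix = image[:i].rstrip()
        candidate = prefix if ntpath.splitext(prefix)[1] else prefix + ".exe"
        if candidate not in found:
            found.append(candidate)
    return found

if __name__ == "__main__":
    bp = binary_path(SAMPLE_SC_QC)
    print("unquoted with spaces:", is_unquoted_with_spaces(bp))
    for p in paths_tried_first(bp):
        print("audit and monitor:", p)
```

An empty list from `paths_tried_first` after the fix confirms the quoted path no longer exposes any earlier location.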

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing service startup failures
  • Unexpected process execution from system directories
  • File creation events in service path directories

Network Indicators:

  • Unusual outbound connections from SYSTEM processes
  • Lateral movement attempts from the affected host

SIEM Query:

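EventID=4688 AND NewProcessName="*\WOW21\*" AND SubjectUserName="SYSTEM"

This query matches processes started from the WOW21 folder. With the service path shown above, an executable launched through the unquoted path would run from a directory higher in the path, so pair the query with file-creation monitoring on those directories.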
