Search criteria
2 vulnerabilities by HTC
CVE-2020-36933 (GCVE-0-2020-36933)
Vulnerability from cvelistv5 – Published: 2026-01-25 14:00 – Updated: 2026-01-26 13:35
VLAI?
Title
IPTInstaller 4.0.9 - 'PassThru Service' Unquoted Service Path
Summary
HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HTC | IPTInstaller |
Affected:
4.0.9
|
Credits
SamAlucard
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36933",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-26T13:35:04.787552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T13:35:13.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IPTInstaller",
"vendor": "HTC",
"versions": [
{
"status": "affected",
"version": "4.0.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SamAlucard"
}
],
"datePublic": "2020-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTC IPTInstaller 4.0.9 contains an unquoted service path vulnerability in the PassThru Service configuration. Attackers can exploit the unquoted binary path to inject and execute malicious code with elevated LocalSystem privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-25T14:00:46.335Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49006",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49006"
},
{
"name": "HTC Official Latin America Homepage",
"tags": [
"product"
],
"url": "https://www.htc.com/latam/"
},
{
"name": "VulnCheck Advisory: IPTInstaller 4.0.9 - \u0027PassThru Service\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/iptinstaller-passthru-service-unquoted-service-path"
}
],
"title": "IPTInstaller 4.0.9 - \u0027PassThru Service\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36933",
"datePublished": "2026-01-25T14:00:46.335Z",
"dateReserved": "2026-01-25T12:45:06.368Z",
"dateUpdated": "2026-01-26T13:35:13.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-10001 (GCVE-0-2013-10001)
Vulnerability from cvelistv5 – Published: 2022-05-17 07:30 – Updated: 2025-04-15 14:40
VLAI?
Title
HTC One/Sense Mail Client certificate validation
Summary
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.
Severity ?
4.8 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Max Moser/Martin Schobert
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.8900"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-10001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:59.267706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:40:22.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "One",
"vendor": "HTC",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
},
{
"product": "Sense",
"vendor": "HTC",
"versions": [
{
"status": "affected",
"version": "4.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Max Moser/Martin Schobert"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T07:30:14.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.8900"
}
],
"title": "HTC One/Sense Mail Client certificate validation",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2013-10001",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "HTC One/Sense Mail Client certificate validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One",
"version": {
"version_data": [
{
"version_value": "4.x"
}
]
}
},
{
"product_name": "Sense",
"version": {
"version_data": [
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "HTC"
}
]
}
},
"credit": "Max Moser/Martin Schobert",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates/",
"refsource": "MISC",
"url": "http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates/"
},
{
"name": "https://vuldb.com/?id.8900",
"refsource": "MISC",
"url": "https://vuldb.com/?id.8900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2013-10001",
"datePublished": "2022-05-17T07:30:14.000Z",
"dateReserved": "2022-05-17T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:40:22.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}