CVE-2020-36981

CVE Database · CVE-2020-36981

CVE-2020-36981

· HIGHDeferred

CVSS v3.1

7.8

CVSS v4.0

8.5

EPSS

0.17%

Published

Jan 27, 2026

Modified

Apr 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in ForwardDaemon.exe to inject malicious code that will execute with elevated system privileges during service startup.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-428

References (4)

https://www.exploit-db.com/exploits/49011

https://www.exploit-db.com/exploits/49013

https://www.filehorse.com/es/descargar-motorola-device-manager/

https://www.vulncheck.com/advisories/motorola-device-manager-forwarddaemonexe-unquoted-service-path

KEV Catalog EPSS Scores Vendors All CVEs