CNNVD-202601-1926 Information

CNNVD ID

CNNVD-202601-1926

Related CVE

CVE-2022-50914

• CNNVD Published: 2026-01-13

Description (Chinese)

EaseUS Data Recovery是EaseUS公司的一个数据恢复软件。 EaseUS Data Recovery 15.1.0.0版本存在代码问题漏洞，该漏洞源于EaseUS UPDATE SERVICE可执行文件服务路径未加引号，可能导致攻击者注入并执行恶意代码并提升LocalSystem权限。

Description (English)

EaseUS Data Recovery is a data recovery software for EaseUS. There is a code gap in EaseUS Data Release 15.1.0.0, which stems from the lack of quotation marks on the executing file service path of EaseUS UPDATE SERVICE, which may lead to the injection and enforcement of malicious codes by the attackers and the enhancement of LocalSystem privileges.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

EaseUS

Published

2026-01-13

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/easeus-data-recovery-ensserverexe-unquoted-service-path https://www.exploit-db.com/exploits/50886 https://www.easeus.com/ https://access.redhat.com/security/cve/cve-2022-50914