CVE-2026-33253_CVE-2026-33253

6.7 / 10

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

Basic Information

ID CVE-2026-33253

Source jpcert

Published Mar 25, 2026 at 05:11

Modified Mar 25, 2026 at 13:28

Affected Product

Vendor SANYO DENKI CO., LTD.

Product SANUPS SOFTWARE STANDALONE

Version Ver.1.0.1 to Ver.1.1.4

Affected Versions SANYO DENKI CO., LTD. SANUPS SOFTWARE STANDALONE Ver.1.0.1 to Ver.1.1.4
SANYO DENKI CO., LTD. SANUPS SOFTWARE Ver.2.0.0 to Ver.2.0.2
SANYO DENKI CO., LTD. SANUPS SOFTWARE Ver.1.0.0 to Ver.1.1.4

CWE Classification

CWE-428

References

{
    "lastseen": "",
    "description": "SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.",
    "published": "2026-03-25T05:11:53.688Z",
    "modified": "2026-03-25T13:28:29.422Z",
    "type": "cve",
    "title": "CVE-2026-33253",
    "source": "jpcert",
    "references": "https://products.sanyodenki.com/media/document/sanups/H0033449_en.pdf\nhttps://products.sanyodenki.com/media/document/sanups/H0033413_jp.pdf\nhttps://jvn.jp/en/jp/JVN90835713/",
    "id": "CVE-2026-33253",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "SANYO DENKI CO., LTD. SANUPS SOFTWARE STANDALONE Ver.1.0.1 to Ver.1.1.4\nSANYO DENKI CO., LTD. SANUPS SOFTWARE Ver.2.0.0 to Ver.2.0.2\nSANYO DENKI CO., LTD. SANUPS SOFTWARE Ver.1.0.0 to Ver.1.1.4",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SANUPS SOFTWARE STANDALONE",
    "version": "Ver.1.0.1 to Ver.1.1.4",
    "vendor": "SANYO DENKI CO., LTD.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}