CVE-2020-37129

CRITICAL
2026-02-05 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 05, 2026 - 20:47 vuln.today
Public exploit code
CVE Published
Feb 05, 2026 - 17:16 nvd
CRITICAL 9.8

Tags

Privilege Escalation

Description

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions.

Analysis

Insecure folder permissions in MEmu Play 7.1.3 Android emulator allow low-privileged users to modify application binaries, enabling privilege escalation to SYSTEM. PoC available.

Technical Context

CWE-276 incorrect default permissions. MEmu Play installation directory grants write access to low-privileged users, who can replace binaries that run as SYSTEM.

Affected Products

['MEmu Play 7.1.3']

Remediation

Update MEmu Play. Restrict installation directory permissions to administrators only.

Priority Score

69
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +49
POC: +20

Share

CVE-2020-37129 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy