Skip to main content

IP Setting Software EUVDEUVD-2026-25194

| CVE-2026-34488 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-04-23 jpcert GHSA-j3m8-qm5j-mgwc
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 23, 2026 - 07:35 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 07:35 NVD
7.3 (HIGH) 7.0 (HIGH)
Analysis Generated
Apr 23, 2026 - 06:49 vuln.today
EUVD ID Assigned
Apr 23, 2026 - 06:30 euvd
EUVD-2026-25194
Analysis Generated
Apr 23, 2026 - 06:30 vuln.today
CVE Published
Apr 23, 2026 - 06:17 nvd
HIGH 7.0

DescriptionCVE.org

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

AnalysisAI

DLL hijacking in i-PRO Co., Ltd.'s IP Setting Software enables local attackers with low privileges to execute arbitrary code with administrative privileges when victims open the application. The vulnerability stems from insecure DLL search path handling (CWE-427), allowing attackers to plant malicious DLLs that load during software execution. While exploitation requires local access and user interaction (CVSS:3.0/AV:L/AC:L/PR:L/UI:R), successful attacks achieve complete system compromise with elevated privileges. No active exploitation confirmed at time of analysis, with EPSS and KEV data unavailable for this recently published CVE.

Technical ContextAI

This vulnerability exploits Windows DLL search order mechanisms where applications search for required libraries in predictable locations. CWE-427 (Uncontrolled Search Path Element) occurs when IP Setting Software fails to specify absolute paths for dependent DLLs or doesn't validate DLL locations before loading. Attackers can place malicious DLLs in directories checked before system paths (such as the application directory or current working directory), causing the software to load attacker-controlled code. The affected product (cpe:2.3:a:i-pro_co.,_ltd.:ip_setting_software) is network camera configuration software from i-PRO Co., Ltd., typically installed on administrative workstations managing surveillance camera infrastructure. The privilege escalation from low-privilege user to administrative rights represents the security boundary crossing that elevates this from a code execution issue to a full system compromise vulnerability.

RemediationAI

Primary remediation requires upgrading IP Setting Software to the patched version specified in i-PRO's security advisory at https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories. Exact patched version number not confirmed in NVD data - consult vendor advisory directly. During patch deployment window, implement these compensating controls: (1) Restrict IP Setting Software installation to dedicated administrative workstations with single-user access to eliminate privilege escalation opportunities. (2) Configure application directories with strict NTFS permissions preventing standard users from writing files, blocking DLL planting in application folders. (3) Enable Windows application whitelisting (AppLocker or Windows Defender Application Control) to prevent unsigned DLL loading from non-system paths - note this may impact legitimate software updates and requires testing. (4) Deploy endpoint detection solutions monitoring for DLL hijacking indicators such as unusual DLL loads from writable directories. (5) Run IP Setting Software from read-only network shares when possible, though this may impact functionality. Trade-off consideration: Restricting write access to application directories can interfere with software auto-update mechanisms. Monitor the JVN advisory at https://jvn.jp/en/jp/JVN42090270/ for additional technical details as the coordinated disclosure progresses.

Share

EUVD-2026-25194 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy