CVE-2026-24466 in Deviceinfo

Summary

by MITRE • 02/09/2026

Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privileges.


Analysis

by VulDB Data Team • 02/09/2026

The Windows services registered by software from Oki Electric Industry Co., Ltd. and its OEM partners Ricoh Co., Ltd. and Murata Machinery, Ltd. are installed with an ImagePath (the BINARY_PATH_NAME shown by sc.exe qc) that is not enclosed in quotes and contains spaces. When the Service Control Manager starts such a service it passes that string to CreateProcess, which cannot tell where the executable name ends and the arguments begin. It therefore truncates the path at each space in turn, appends ".exe", and tries that file before moving on to the next space; the intended binary is only reached if none of the shorter candidates exists. For a service whose image lives under a directory such as C:\Program Files\..., the first candidate is C:\Program.exe in the root of the system drive. Whoever can create that file gets it started by the SCM, under the service's own account, in place of the vendor binary. The affected services run as SYSTEM, so the result is local privilege escalation from any account that can write to the drive root to full control of the host. The affected components are Windows host software installed by the vendors' products; this record does not enumerate which products or service names are involved.

The weakness is CWE-428 (Unquoted Search Path or Element); it is neither command injection nor a credential problem. In ATT&CK terms the precise sub-technique is T1574.009, Hijack Execution Flow: Path Interception by Unquoted Path, used in service of the Privilege Escalation tactic (T1068 is the more generic technique for local exploitation).

The precondition in the advisory is deliberately narrow: the attacker needs write permission on the root directory of the system drive, because that is where the first truncated candidate is looked up. On a default Windows installation that directory does not let standard users create files (Authenticated Users hold only the "create folders / append data" right on the root itself, and the Modify entry on C:\ is inherit-only, applying to subfolders and files rather than to the root), so on an unmodified system an ordinary user cannot exploit this by itself. It becomes exploitable wherever that ACL has been loosened, or where an attacker already holds an account or process with that right and wants SYSTEM. Whether intermediate directories on the path (for example a vendor folder under Program Files) are also writable is not covered by this advisory, but the same audit applies to every candidate that CreateProcess would try. The low EPSS score (0.00020) and the "very low" activity rating recorded below are consistent with a local, configuration-dependent escalation rather than a remotely exploitable flaw.

Remediation is to quote the executable portion of the service's ImagePath, either with sc.exe config or by editing HKLM\SYSTEM\CurrentControlSet\Services\<service>\ImagePath, and then restart the service, and to install the vendors' corrected packages so that a reinstall or upgrade does not reintroduce the unquoted value. While doing so, check whether a file such as C:\Program.exe already exists: an unexpected executable at any truncated candidate position means the path has already been hijacked and the host should be treated as compromised. Beyond the immediate fix, keep write access to the system drive root and to every directory that appears in a service path restricted to administrators, include an unquoted-service-path check in build baselines and periodic audits, and place print and device-management hosts in their own network segment so that a compromised host does not become a foothold elsewhere.
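As an added example (this is not code from the advisory, from VulDB or from the vendors), the following PowerShell function performs the audit described above on a Windows host: it walks the service registry, selects Win32 services whose ImagePath is unquoted and contains spaces, lists the candidate files CreateProcess would try before the real executable, reports whether any untrusted principal can create files in each candidate's directory (inherit-only ACEs are skipped so that a default C:\ is not a false positive), and can quote the path in place. The list of untrusted principals and the -Fix switch are choices of this example, not part of any vendor guidance. Run it in an elevated session.

```powershell
# Added example, not code from the advisory or from OKI / Ricoh / Murata Machinery.
# Audits HKLM\SYSTEM\CurrentControlSet\Services for Win32 services whose ImagePath is
# unquoted and contains spaces, lists the files CreateProcess would probe before the
# real executable, and flags those whose directory lets non-administrators create files.

function Get-UnquotedServicePath {
    [CmdletBinding()]
    param(
        # Principals that should never be able to drop a file on a service search path (assumed list).
        [string[]]$UntrustedPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'),
        # When set, rewrite ImagePath with the executable part quoted; restart the service afterwards.
        [switch]$Fix
    )

    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }
        # Only Win32 services (SERVICE_WIN32_OWN_PROCESS 0x10 / SERVICE_WIN32_SHARE_PROCESS 0x20);
        # kernel drivers use NT object paths and are loaded differently.
        if (-not ($props.Type -band 0x30)) { continue }

        $raw = [Environment]::ExpandEnvironmentVariables($props.ImagePath.Trim())
        if ($raw.StartsWith('"')) { continue }                      # already quoted, nothing to do

        # Without quotes the only reliable delimiter between program and arguments is ".exe".
        $m = [regex]::Match($raw, '^(?<exe>.*?\.exe)(?<args>.*)$', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $exe       = $m.Groups['exe'].Value
        $arguments = $m.Groups['args'].Value
        if ($exe -notmatch '^[A-Za-z]:\\' -or $exe -notmatch ' ') { continue }   # relative path or no spaces

        # CreateProcess truncates at each space and appends ".exe"; these are tried in this order.
        $candidates = @()
        for ($i = 0; $i -lt $exe.Length; $i++) {
            if ($exe[$i] -eq ' ') { $candidates += ($exe.Substring(0, $i) + '.exe') }
        }
        $candidates += $exe

        foreach ($candidate in $candidates) {
            $dir      = Split-Path -Parent $candidate
            $writable = @()
            if (Test-Path -LiteralPath $dir) {
                foreach ($rule in (Get-Acl -LiteralPath $dir).Access) {
                    if ($rule.AccessControlType -ne 'Allow') { continue }
                    if ($UntrustedPrincipals -notcontains $rule.IdentityReference.Value) { continue }
                    # Inherit-only ACEs do not apply to the directory itself; the default C:\ has
                    # exactly such a Modify entry for Authenticated Users.
                    if ($rule.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
                    $rights = [int]$rule.FileSystemRights
                    # FILE_ADD_FILE (CreateFiles = 2) is what is needed to drop "Program.exe" here;
                    # GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) imply it as well.
                    if (($rights -band 2) -or ($rights -band 0x40000000) -or ($rights -band 0x10000000)) {
                        $writable += $rule.IdentityReference.Value
                    }
                }
            }
            [pscustomobject]@{
                Service    = $key.PSChildName
                RunsAs     = $props.ObjectName
                ImagePath  = $props.ImagePath
                Candidate  = $candidate
                Exists     = Test-Path -LiteralPath $candidate
                WritableBy = ($writable | Sort-Object -Unique) -join ', '
            }
        }

        if ($Fix) {
            # Quote only the executable part; arguments stay outside the quotes.
            $quoted = '"{0}"{1}' -f $exe, $arguments
            Set-ItemProperty -Path $key.PSPath -Name ImagePath -Value $quoted
        }
    }
}

# Usage (elevated). Entries with a non-empty WritableBy and Exists = False are the ones an
# untrusted user could pre-empt; Exists = True on a truncated candidate means it already has been.
# Get-UnquotedServicePath | Where-Object { $_.WritableBy -ne '' } | Format-Table -AutoSize
# Get-UnquotedServicePath -Fix | Out-Null
```

The function reports every candidate, not only the exploitable ones, because the right answer for the advisory's precondition depends on the ACL of the drive root on the particular host: on a default installation C:\ is reported with an empty WritableBy, and the finding only becomes actionable where that column names a group such as Authenticated Users. Quoting with -Fix is safe for every hit regardless of the ACL result, since a quoted path is what the service should have had from the start; it does not replace the vendors' updated installers, which are needed so that a later reinstall does not restore the unquoted value.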

Responsible

Jpcert

Reservation

01/23/2026

Disclosure

02/09/2026

Moderation

accepted

CPE

ready

EPSS

0.00020

KEV

no

Activities

very low

Sources
