Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Wacom WTabletService by Wacom
CVE-2019-25288 (GCVE-0-2019-25288)
Vulnerability from nvd – Published: 2026-02-04 23:15 – Updated: 2026-02-05 17:27
VLAI
Title
Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
Summary
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47593 | exploit |
| https://www.wacom.com | product |
| https://www.vulncheck.com/advisories/wacom-wtable… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wacom | Wacom WTabletService |
Affected:
6.6.7-3
|
Date Public
2019-11-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T17:26:57.722318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:27:10.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wacom WTabletService",
"vendor": "Wacom",
"versions": [
{
"status": "affected",
"version": "6.6.7-3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcos Antonio Le\u00f3n (psk)"
}
],
"datePublic": "2019-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T23:15:55.439Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47593",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47593"
},
{
"name": "Wacom Official Homepage",
"tags": [
"product"
],
"url": "https://www.wacom.com"
},
{
"name": "VulnCheck Advisory: Wacom WTabletService 6.6.7-3 - \u0027WTabletServicePro\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wacom-wtabletservice-wtabletservicepro-unquoted-service-path"
}
],
"title": "Wacom WTabletService 6.6.7-3 - \u0027WTabletServicePro\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25288",
"datePublished": "2026-02-04T23:15:55.439Z",
"dateReserved": "2026-01-06T16:07:08.527Z",
"dateUpdated": "2026-02-05T17:27:10.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25288 (GCVE-0-2019-25288)
Vulnerability from cvelistv5 – Published: 2026-02-04 23:15 – Updated: 2026-02-05 17:27
VLAI
Title
Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path
Summary
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47593 | exploit |
| https://www.wacom.com | product |
| https://www.vulncheck.com/advisories/wacom-wtable… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wacom | Wacom WTabletService |
Affected:
6.6.7-3
|
Date Public
2019-11-04 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T17:26:57.722318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T17:27:10.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Wacom WTabletService",
"vendor": "Wacom",
"versions": [
{
"status": "affected",
"version": "6.6.7-3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcos Antonio Le\u00f3n (psk)"
}
],
"datePublic": "2019-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T23:15:55.439Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-47593",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/47593"
},
{
"name": "Wacom Official Homepage",
"tags": [
"product"
],
"url": "https://www.wacom.com"
},
{
"name": "VulnCheck Advisory: Wacom WTabletService 6.6.7-3 - \u0027WTabletServicePro\u0027 Unquoted Service Path",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wacom-wtabletservice-wtabletservicepro-unquoted-service-path"
}
],
"title": "Wacom WTabletService 6.6.7-3 - \u0027WTabletServicePro\u0027 Unquoted Service Path",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25288",
"datePublished": "2026-02-04T23:15:55.439Z",
"dateReserved": "2026-01-06T16:07:08.527Z",
"dateUpdated": "2026-02-05T17:27:10.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}