Cyber Resilience

CVE-2020-36929

Severity: High · Public PoC

Published: 16 January 2026
Modified: 09 February 2026
KEV Added: not listed
Patch: vendor downloads (see below)
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0022 (13.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-36929 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Brother Brprint Auditor. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). The CVE is ranked at the 13.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2020-36929 is an unquoted service path vulnerability (CWE-428) in Brother BRPrint Auditor 3.0.7 on Windows systems. The flaw affects the BrAuSvc and BRPA_Agent Windows services, which have unquoted file paths in their configurations. This allows local attackers to potentially execute arbitrary code by injecting malicious executables into the search path. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Local low-privileged attackers can exploit the unquoted paths during service startup or restart. By placing a malicious executable in a directory that the service search path traverses before the legitimate binary, attackers can achieve code execution with elevated privileges, leading to full system compromise including high impacts on confidentiality, integrity, and availability.

Brother provides BRPrint Auditor Pro 3 downloads, which likely include patches, via regional support pages (for example the Belgian pages in French and Dutch). A VulnCheck advisory details the multiple unquoted service path issues, and a proof-of-concept exploit is available on Exploit-DB (ID 50005). Security practitioners should verify and apply updates to mitigate exploitation.
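The check below is an added example, not code from this page, from Brother or from the advisory. It implements the CWE-428 test behind the deeper analysis above and the CM-6 configuration control listed later: for an unquoted service ImagePath containing spaces it enumerates the prefix locations that the Windows CreateProcess lookup tries before the intended binary, which are exactly the paths whose parent-directory ACLs must deny file creation to standard users. The BRPrint Auditor install paths in the sample data are constructed assumptions (the page does not give them); on a real host the values come from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath.

```python
import re

# Constructed sample ImagePath values, shaped like those stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. The Brother paths
# are illustrative assumptions, not the documented install locations.
SAMPLE_SERVICES = {
    "BrAuSvc":    r"C:\Program Files\Brother\BRPrint Auditor\BrAuSvc.exe",
    "BRPA_Agent": r"C:\Program Files\Brother\BRPrint Auditor\BRPA_Agent.exe -service",
    "GoodSvc":    r'"C:\Program Files\Vendor\Some Svc\svc.exe" -k run',
    "svchost":    r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# First token ending in .exe followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)

def split_image_path(image_path: str) -> tuple[str, bool]:
    """Return (executable path, was_quoted).
    A quoted path ends at the closing quote, so arguments never matter.
    An unquoted path is cut at the first '.exe' token; everything after it
    is treated as arguments (unexpanded %VAR% values are left as-is)."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end] if end != -1 else s[1:]), True
    m = EXE_RE.match(s)
    return (m.group(1) if m else s), False

def hijack_candidates(image_path: str) -> list[str]:
    """Files Windows would try *before* the real binary when the path is
    unquoted and contains spaces: each prefix up to a space, with .exe
    appended (the CreateProcess lookup rule). An empty list means the
    entry is not affected by CWE-428."""
    exe, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return []
    candidates = []
    idx = exe.find(" ")
    while idx != -1:
        candidates.append(exe[:idx] + ".exe")
        idx = exe.find(" ", idx + 1)
    return candidates

def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Map service name -> candidate paths for every vulnerable entry."""
    return {n: c for n, p in services.items() if (c := hijack_candidates(p))}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces; confirm standard users cannot create:")
        for p in paths:
            print("   ", p)
```

Remediation is to quote the ImagePath value (as GoodSvc shows); until then, the listed locations must sit in directories writable only by administrators.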

Vulnerability details

Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in the BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-suggested)

T1574.009 Path Interception by Unquoted Path (Stealth): Adversaries may execute their own malicious payloads by hijacking vulnerable file path references.

Why these techniques?

Direct match: the unquoted service path enables path interception for privilege escalation via malicious executable placement in the service search path.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2020-36928 (same vendor: Brother)
CVE-2023-54336 (shared CWE-428)
CVE-2020-37048 (shared CWE-428)
CVE-2019-25306 (shared CWE-428)
CVE-2020-36979 (shared CWE-428)
CVE-2020-37017 (shared CWE-428)
CVE-2021-47859 (shared CWE-428)
CVE-2019-25309 (shared CWE-428)
CVE-2021-47790 (shared CWE-428)
CVE-2022-50929 (shared CWE-428)

Affected Assets

Brother BRPrint Auditor 3.0.7

Mitigating Controls (NIST 800-53 r5, AI-suggested)

Prevent: Flaw remediation (SI-2) directly addresses CVE-2020-36929 by applying Brother BRPrint Auditor patches that fix the unquoted service paths in BrAuSvc and BRPA_Agent, preventing local privilege escalation.

Prevent: Enforcing secure configuration settings (CM-6) ensures Windows services like BrAuSvc and BRPA_Agent have quoted executable paths, blocking search path hijacking exploits.

Detect: Vulnerability scanning (RA-5) detects unquoted service path issues like CVE-2020-36929 in BRPrint Auditor services for prompt identification and remediation.
