CVE-2020-36929
Published: 16 January 2026
Summary
CVE-2020-36929 is a high-severity Unquoted Search Path or Element (CWE-428) vulnerability in Brother BRPrint Auditor. Its CVSS base score is 8.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Unquoted Path (T1574.009). It is ranked at the 13.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2020-36929 is an unquoted service path vulnerability (CWE-428) in Brother BRPrint Auditor 3.0.7 on Windows systems. The flaw affects the BrAuSvc and BRPA_Agent Windows services, whose executable paths contain spaces but are not enclosed in quotation marks in the service configuration, so Windows may try shorter prefixes of the path as candidate executables when starting the service. This allows a local attacker to potentially execute arbitrary code by placing a malicious executable at one of those candidate locations on the search path. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Local low-privileged attackers can exploit the unquoted paths during service startup or restart. By placing a malicious executable in a directory that the service search path traverses before the legitimate binary, attackers can achieve code execution with elevated privileges, leading to full system compromise including high impacts on confidentiality, integrity, and availability.
Brother provides downloads for BRPrint Auditor Pro 3, likely including patches, via regional support pages (for example the Belgian pages in French and Dutch). A VulnCheck advisory details the multiple unquoted service path issues, and proof-of-concept exploits are available on Exploit-DB (ID 50005). Security practitioners should verify and apply updates to mitigate exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3036
Vulnerability details
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in the BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct match to unquoted service path enabling path interception for privilege escalation via malicious executable placement in service search path.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): applying Brother BRPrint Auditor patches that fix the unquoted service paths in BrAuSvc and BRPA_Agent directly addresses CVE-2020-36929 and prevents the local privilege escalation.
- CM-6 (Configuration Settings): enforcing secure configuration settings ensures that Windows services such as BrAuSvc and BRPA_Agent have quoted executable paths, blocking search path hijacking.
- RA-5 (Vulnerability Monitoring and Scanning): vulnerability scanning detects unquoted service path issues like CVE-2020-36929 in BRPrint Auditor services so they can be identified and remediated promptly.
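The following PowerShell is an added example for this page, not code from Brother, VulnCheck, or the advisory. It implements the check that the CM-6 and RA-5 controls above call for: it reads every service's ImagePath from the registry, flags the CWE-428 condition described in the analysis (a path containing spaces that is not wrapped in quotes), and offers a ShouldProcess-guarded remediation that writes the quoted path back. The function names Get-UnquotedServicePath and Repair-UnquotedServicePath are this example's own; it assumes it runs with administrator rights on Windows and that the executable portion of an ImagePath ends in ".exe" (kernel drivers and other non-.exe entries are skipped by that heuristic). Vendor patching remains the primary fix; this is the configuration check and the configuration-level mitigation.

```powershell
# Added example (not the advisory's or Brother's code): audit Windows services
# for unquoted ImagePath values that contain spaces and preview/apply the fix.
# Assumptions: administrator rights; executable part of ImagePath ends in ".exe".

function Get-UnquotedServicePath {
    [CmdletBinding()]
    param()

    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        # Read the raw value so %SystemRoot%-style entries survive untouched for remediation.
        $raw = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
        if ([string]::IsNullOrWhiteSpace($raw)) { return }
        if ($raw.TrimStart().StartsWith('"')) { return }    # already quoted: not affected

        # Split the executable from its arguments at the first ".exe" (case-insensitive).
        $m = [regex]::Match($raw, '^(?<exe>.*?\.exe)(?<args>.*)$', 'IgnoreCase')
        if (-not $m.Success) { return }                      # drivers, non-.exe entries
        $exe = $m.Groups['exe'].Value.Trim()
        if ($exe -notmatch '\s') { return }                  # no space, no ambiguity

        [pscustomobject]@{
            Service   = $_.PSChildName
            ImagePath = $raw
            ValueKind = $_.GetValueKind('ImagePath')         # String or ExpandString
            QuotedFix = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
        }
    }
}

function Repair-UnquotedServicePath {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$Finding
    )
    process {
        $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\' + $Finding.Service
        $action  = "Set ImagePath to $($Finding.QuotedFix)"
        if ($PSCmdlet.ShouldProcess($Finding.Service, $action)) {
            # Preserve the original value kind so REG_EXPAND_SZ entries keep expanding.
            Set-ItemProperty -Path $keyPath -Name 'ImagePath' `
                -Value $Finding.QuotedFix -Type $Finding.ValueKind
        }
    }
}

# Report the findings, then preview the remediation without changing anything.
Get-UnquotedServicePath | Format-Table Service, ImagePath, QuotedFix -AutoSize
Get-UnquotedServicePath | Repair-UnquotedServicePath -WhatIf
```

Run the audit first and review the QuotedFix column; dropping -WhatIf applies the change, and because ConfirmImpact is High each service is confirmed individually unless -Confirm:$false is passed. The service must be restarted for the new ImagePath to take effect, and the same audit can be scheduled or fed into a scanner to satisfy the RA-5 control on an ongoing basis.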