Description
IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Published: 2026-04-23
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution with Administrative Privileges
Action: Immediate Patch
AI Analysis

Impact

i‑PRO IP Setting Software contains an uncontrolled DLL search path that allows an attacker to load an unauthorized Dynamic Link Library. Once the malicious DLL is loaded, code can be executed with the software’s administrative privileges, leading to full system compromise. The flaw is classified as CWE‑427, representing an untrusted path used to load executable code.

Affected Systems

The vulnerability affects i‑PRO Co., Ltd.’s IP Setting Software. No specific version numbers are provided, so all installations of this product are considered potentially susceptible.

Risk and Exploitability

The CVSS score of 7 indicates a high severity, yet the EPSS indicator of less than 1% suggests a low probability of current exploitation. The flaw is not listed in CISA’s KEV catalog. Likely attack vectors involve a local user with the ability to place a crafted DLL in a directory that appears in the software’s search path, or via an existing privileged process that can influence DLL loading. Because the weakness requires administrative rights to execute arbitrary code, the potential impact is broad compromise of the affected system.

Generated by OpenCVE AI on April 28, 2026 at 20:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the vendor’s latest security update for IP Setting Software.
  • Restrict write permissions on directories referenced by the software’s DLL search path so that only trusted accounts can place files there.
  • Configure the application or operating system to use a secure DLL search path that limits library loading to approved system directories.

Generated by OpenCVE AI on April 28, 2026 at 20:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
Title DLL Search Path Vulnerability in i‑PRO IP Setting Software Allows Arbitrary Code Execution with Administrative Privileges

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared I-pro
I-pro ip Setting Software
Vendors & Products I-pro
I-pro ip Setting Software

Thu, 23 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Weaknesses CWE-427
References
Metrics cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

I-pro Ip Setting Software
cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-04-23T12:25:09.286Z

Reserved: 2026-04-10T08:17:32.779Z

Link: CVE-2026-34488

cve-icon Vulnrichment

Updated: 2026-04-23T12:25:04.435Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-23T07:16:40.813

Modified: 2026-04-24T14:50:56.203

Link: CVE-2026-34488

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:45:16Z

Weaknesses
  • CWE-427

    Uncontrolled Search Path Element