← back
CVE-2020-36938

WinAVR Version 20100110 - Insecure Folder Permissions

CVSS 7 HIGHEPSS 0.2%CWE-732
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WinAVR · WinAVR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sourceforge.net/projects/winavr/https://www.exploit-db.com/exploits/49379https://www.vulncheck.com/advisories/winavr-version-insecure-folder-permissions