search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Software driver for D-Link Wi-Fi USB Adapter vulnerable to service path privilege escalation

Vulnerability Note VU#813349

Original Release Date: 2023-07-27 | Last Revised: 2023-08-03


The software driver for D-Link DWA-117 AC600 MU-MIMO Wi-Fi USB Adapter contains a unquoted service path privilege escalation vulnerability. In certain conditions, this flaw can lead to a local privilege escalation.


D-Link DWA-117 AC600 MU-MIMO is a Wi-Fi USB Adapter that enables Wi-Fi network accessible over USB. D-Link provides a software driver for Microsoft Windows operating system that enables proper operation of the device with the operating system. The latest software driver (as of Arpil 19, 2023) was found susceptible to an unquoted service path vulnerability. Given certain conditions are met, there is potential for a local privilege escalation allowing an attacker to escalate privileges to local administrative user.

The following conditions are required to trigger this bug * The software is installed in a directory with a space in it. (The default settings for directory will work) * An unprivileged user should have write access to the directory above the folder that contains the space in its name. (Typical default Windows user permissions is sufficient)


An attacker with low level access can execute code as the system account. The increased privileges allow for access to sensitive files and malicious modifications to the system.


D-Link has provided a patch that addresses the issue. Customers should update their driver to the latest version.


Thanks to @L1v1ng0ffTh3L4n for reporting the vulnerability.

This document was written by Kevin Stephens.

Vendor Information


D-Link Systems Inc. Affected

Notified:  2023-04-20 Updated: 2023-08-03

Statement Date:   August 02, 2023

VU#813349.1 Affected

Vendor Statement

Fix and report publically available here:


  • Fix and report publically available here:

Other Information

Date Public: 2023-07-27
Date First Published: 2023-07-27
Date Last Updated: 2023-08-03 16:30 UTC
Document Revision: 2

Sponsored by CISA.