Lucene search

K

Razer Security Vulnerabilities

cve
cve

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM.....

7.8CVSS

7.6AI Score

0.0004EPSS

2023-09-14 10:15 PM
8
cve
cve

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs...

7.3CVSS

7.4AI Score

0.001EPSS

2022-03-23 10:15 PM
64
cve
cve

CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed...

6.8CVSS

6.9AI Score

0.001EPSS

2023-01-27 03:15 PM
21
cve
cve

CVE-2022-29013

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST...

9.8CVSS

9.8AI Score

0.861EPSS

2022-06-09 12:15 AM
32
4
cve
cve

CVE-2023-3513

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-07-14 05:15 AM
12
cve
cve

CVE-2023-3514

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to...

7.8CVSS

8.1AI Score

0.0004EPSS

2023-07-14 05:15 AM
9
cve
cve

CVE-2022-45697

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-02-27 03:15 PM
16
cve
cve

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236.....

8.1CVSS

8.2AI Score

0.547EPSS

2020-09-02 01:15 PM
69
cve
cve

CVE-2022-29014

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary...

7.5CVSS

7.3AI Score

0.798EPSS

2022-06-09 12:15 AM
46
5
cve
cve

CVE-2021-30493

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other...

5.5CVSS

5.4AI Score

0.001EPSS

2021-04-14 03:15 PM
17
4
cve
cve

CVE-2021-30494

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other.....

5.5CVSS

5.4AI Score

0.001EPSS

2021-04-14 03:15 PM
21
4
cve
cve

CVE-2019-13142

The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver. The DACL on this folder allows any user to overwrite contents of files in this folder,.....

5.5CVSS

5.5AI Score

0.0004EPSS

2019-07-09 06:15 PM
75
cve
cve

CVE-2017-14398

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and...

7.8CVSS

7.4AI Score

0.0004EPSS

2017-09-13 08:29 AM
30
cve
cve

CVE-2017-11652

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll...

8.4CVSS

8.1AI Score

0.001EPSS

2017-08-18 05:29 PM
24
cve
cve

CVE-2017-11653

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll...

7.8CVSS

7.6AI Score

0.0004EPSS

2017-08-18 05:29 PM
27
cve
cve

CVE-2017-9769

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary...

9.8CVSS

9.2AI Score

0.232EPSS

2017-08-02 07:29 PM
54