Description

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).

Related CPE's

a

razer

synapse

3.5.1030.101917

Vulnerable

References

https://versprite.com/advisories/razer-synapse-3-1/

Third Party Advisory

https://versprite.com/blog/security-research/razer-synapse-3-security-vulnerability-analysis-report/

ExploitThird Party Advisory

https://versprite.com/security-resources/

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-276

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-14T15:15:14.753

4 years ago

Last modified

2021-04-22T15:12:15.667

4 years ago