CVE-2021-30494

Published: Apr 14, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).

Affected (1)

Products: Razer: Synapse

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Razer Synapse	Version 3.5.1030.101917

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

https://versprite.com/advisories/razer-synapse-3-1/

Source: cve@mitre.org

Third Party Advisory

https://versprite.com/blog/security-research/razer-synapse-3-security-vulnerability-analysis-report/

Source: cve@mitre.org

ExploitThird Party Advisory

https://versprite.com/security-resources/

Source: cve@mitre.org

Third Party Advisory

https://versprite.com/advisories/razer-synapse-3-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://versprite.com/blog/security-research/razer-synapse-3-security-vulnerability-analysis-report/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://versprite.com/security-resources/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.