CVE-2023-3513

Published: Jul 14, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.

Affected (1)

Products: Razer: Razer Central

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Razer Razer Central	Up to 7.11.0.558

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://starlabs.sg/advisories/23/23-3513/

Source: info@starlabs.sg

ExploitTechnical DescriptionVendor Advisory

https://starlabs.sg/advisories/23/23-3513/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionVendor Advisory

Timeline

No history available yet.