CVE-2023-3514

Published: Jul 14, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file.

Affected (1)

Products: Razer: Razer Central

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Razer Razer Central	Up to 7.11.0.558

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://starlabs.sg/advisories/23/23-3514/

Source: info@starlabs.sg

ExploitTechnical DescriptionVendor Advisory

https://starlabs.sg/advisories/23/23-3514/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionVendor Advisory

Timeline

No history available yet.