CVE-2020-16602 – Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution

https://notcve.org/view.php?id=CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. Razer Chroma SDK Rest Server versiones hasta 3.12.17, permite a atacantes remotos ejecutar programas arbitrarios porque se presenta una condición de carrera en la que un archivo creado bajo "%PROGRAMDATA%\RazerChroma\SDK\Apps" puede ser reemplazado antes de que sea ejecutado por el servidor . El atacante debe tener acceso al puerto 54236 para un paso de registro Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution. • https://www.exploit-db.com/exploits/49106 http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html https://assets.razerzone.com/dev_portal/REST/html/index.html https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html https://www.youtube.com/watch?v=fkESBVhIdIA • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •