CVE-2020-16602 – Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution
https://notcve.org/view.php?id=CVE-2020-16602
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step. Razer Chroma SDK Rest Server versiones hasta 3.12.17, permite a atacantes remotos ejecutar programas arbitrarios porque se presenta una condición de carrera en la que un archivo creado bajo "%PROGRAMDATA%\RazerChroma\SDK\Apps" puede ser reemplazado antes de que sea ejecutado por el servidor . El atacante debe tener acceso al puerto 54236 para un paso de registro Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution. • https://www.exploit-db.com/exploits/49106 http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html https://assets.razerzone.com/dev_portal/REST/html/index.html https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html https://www.youtube.com/watch?v=fkESBVhIdIA • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2019-13142
https://notcve.org/view.php?id=CVE-2019-13142
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege. La función RzSurroundVADStreamingService (en el archivo RzSurroundVADStreamingService.exe) en Razer Surround versión 1.1.63.0, ejecutándose como usuario System usando un ejecutable ubicado en %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. La DACL en esta carpeta permite a cualquier usuario sobrescribir el contenido de los archivos en esta carpeta, resultando en una Elevación de Privilegios. • https://posts.specterops.io/cve-2019-13142-razer-surround-1-1-63-0-eop-f18c52b8be0c • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-14398
https://notcve.org/view.php?id=CVE-2017-14398
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. rzpnk en Razer Synapse 2.20.15.1104 permite a los usuarios locales leer y escribir ubicaciones de memoria arbitrarias y, como consecuencia, ganar privilegios mediante una metodología que involucre el manejo de \Device\PhysicalMemory, IOCTL 0x22A064 y ZwMapViewOfSection. • https://twitter.com/FuzzySec/status/907722788219256832 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-11652 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11652
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio CrashReporter, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano dbghelp.dll. Razer Synapse versions 2.20.15.1104 and below suffer from multiple dll search order hijacking vulnerabilities. • http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-11653 – Razer Synapse 2.20 DLL Hijacking
https://notcve.org/view.php?id=CVE-2017-11653
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. Razer Synapse 2.20.15.1104 y anteriores emplea permisos débiles para el directorio Devices, lo que permite que usuarios locales obtengan privilegios mediante un archivo troyano (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll. Razer Synapse versions 2.20.15.1104 and below suffer from multiple dll search order hijacking vulnerabilities. • http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html • CWE-732: Incorrect Permission Assignment for Critical Resource •