CVE-2023-3514 – RazerCentralSerivce Unsafe Named Pipe Permission Escalation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-3514
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. • https://starlabs.sg/advisories/23/23-3514 • CWE-269: Improper Privilege Management •
CVE-2023-3513 – RazerCentralService Unsafe Deserialization Escalation of Privilege
https://notcve.org/view.php?id=CVE-2023-3513
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. • https://starlabs.sg/advisories/23/23-3513 • CWE-269: Improper Privilege Management CWE-502: Deserialization of Untrusted Data •
CVE-2022-45697
https://notcve.org/view.php?id=CVE-2022-45697
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. • http://razer.com https://github.com/Wh04m1001/CVE • CWE-59: Improper Link Resolution Before File Access ('Link Following') •