CVE-2022-29014
https://notcve.org/view.php?id=CVE-2022-29014
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. Una vulnerabilidad de inclusión de archivos locales en Razer Sila Gaming Router versión v2.0.441_api-2.0.418, permite a atacantes leer archivos arbitrarios • https://packetstormsecurity.com/files/166683/Razer-Sila-2.0.418-Local-File-Inclusion.html https://www.exploit-db.com/exploits/50864 https://www2.razer.com/ap-en/desktops-and-networking/razer-sila •
CVE-2022-29013
https://notcve.org/view.php?id=CVE-2022-29013
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. Una inyección de comandos en el parámetro command de Razer Sila Gaming Router versión v2.0.441_api-2.0.418, permite a atacantes ejecutar comandos arbitrarios por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html https://www.exploit-db.com/exploits/50865 https://www2.razer.com/ap-en/desktops-and-networking/razer-sila • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •