CVE-2020-16602

Опубликовано: 02 сент. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Средний

Описание

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.

Ссылки

http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html
Exploit
Third Party Advisory
VDB Entry
https://assets.razerzone.com/dev_portal/REST/html/index.html
Vendor Advisory
https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html
Third Party Advisory
https://www.youtube.com/watch?v=fkESBVhIdIA
Third Party Advisory
http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html
Exploit
Third Party Advisory
VDB Entry
https://assets.razerzone.com/dev_portal/REST/html/index.html
Vendor Advisory
https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html
Third Party Advisory
https://www.youtube.com/watch?v=fkESBVhIdIA
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:razer:chroma_sdk:*:*:*:*:*:*:*:*

Версия до 3.12.17 (включая)

EPSS

Процентиль: 95%

0.17837

Средний

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

GHSA-gw77-j7h4-w4jv