CVE

Update

MITRE assigned CVE CVE-2022-45697 for this vulnerability.

This repo contains description of vulnerability i have found in Razer Central before v7.8.0.381

The vulnerability is in Razer Central service which does not check for symbolic links during login of user which leads to arbitrary file delete vulnerability and escalation of privileges.

The Razer team allowed CVE filing but did not allow publishing any PoC.

Disclosure timeline

8/09/2022 - Initial discovery
8/10/2022 - Contacted Razer Team on Twitter
8/11/2022 - Razer team emailed me and gave me instructions to create a report on their BB program
8/11/2022 - Report created on Inspective platform
8/19/2022 - Inspective confirmed vulnerability
11/15/2022 - Inspective informed me that fix is released
11/17/2022 - Filing for CVE
02/27/2023 - CVE assigned

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

CVE

Update

This repo contains description of vulnerability i have found in Razer Central before v7.8.0.381

Disclosure timeline

About

Uh oh!

Releases

Packages

Wh04m1001/CVE

Folders and files

Latest commit

History

Repository files navigation

CVE

Update

This repo contains description of vulnerability i have found in Razer Central before v7.8.0.381

Disclosure timeline

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages