Skip to content

Wh04m1001/CVE

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE

Update

MITRE assigned CVE CVE-2022-45697 for this vulnerability.

This repo contains description of vulnerability i have found in Razer Central before v7.8.0.381

The vulnerability is in Razer Central service which does not check for symbolic links during login of user which leads to arbitrary file delete vulnerability and escalation of privileges.

The Razer team allowed CVE filing but did not allow publishing any PoC.

image

Disclosure timeline

  • 8/09/2022 - Initial discovery
  • 8/10/2022 - Contacted Razer Team on Twitter
  • 8/11/2022 - Razer team emailed me and gave me instructions to create a report on their BB program
  • 8/11/2022 - Report created on Inspective platform
  • 8/19/2022 - Inspective confirmed vulnerability
  • 11/15/2022 - Inspective informed me that fix is released
  • 11/17/2022 - Filing for CVE
  • 02/27/2023 - CVE assigned

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published