7.3

CVE-2021-44226

Exploit
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RazerSynapse Version < 3.7.0228.022817
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.89% 0.546
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.3 1.3 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html
Third Party Advisory
Exploit
VDB Entry
http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.html
Not Applicable
http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html
http://seclists.org/fulldisclosure/2022/Mar/51
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2023/Jan/26
Not Applicable
http://seclists.org/fulldisclosure/2023/Sep/6
https://www.razer.com/community
Vendor Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txt
Third Party Advisory
Exploit