CORSAIR
Products
6- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22002 | Hig | 0.51 | 7.8 | 0.00 | Jun 18, 2024 | CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory. | ||
| CVE-2020-8808 | Hig | 0.51 | 7.8 | 0.01 | Feb 7, 2020 | The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges,… | ||
| CVE-2018-19592 | Hig | 0.51 | 7.8 | 0.01 | Sep 27, 2019 | The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue… | ||
| CVE-2018-12441 | Hig | 0.51 | 7.8 | 0.01 | Oct 11, 2018 | The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system.… | ||
| CVE-2022-35860 | Med | 0.44 | 6.8 | 0.00 | Oct 19, 2022 | Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. |
- risk 0.51cvss 7.8epss 0.00
CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.
- risk 0.51cvss 7.8epss 0.01
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges,…
- risk 0.51cvss 7.8epss 0.01
The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue…
- risk 0.51cvss 7.8epss 0.01
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system.…
- risk 0.44cvss 6.8epss 0.00
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.