Vendor
Razer
Products
2
CVEs
5
Across products
5
Status
Private
Products
2- 3 CVEs
- 2 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9769 | Cri | 0.73 | 9.8 | 0.78 | Aug 2, 2017 | A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process. | |
| CVE-2017-14398 | Hig | 0.51 | 7.8 | 0.00 | Sep 13, 2017 | rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. | |
| CVE-2017-11653 | Hig | 0.51 | 7.8 | 0.00 | Aug 18, 2017 | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | |
| CVE-2023-3514 | 0.00 | — | 0.00 | Jul 14, 2023 | Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | ||
| CVE-2023-3513 | 0.00 | — | 0.00 | Jul 14, 2023 | Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. |