Published: 02/09/2020 Updated: 03/12/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Razer Chroma SDK Rest Server up to and including 3.12.17 allows remote malicious users to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.

Vulnerable Product	Search on Vulmon	Subscribe to Product
razer chroma sdk

Razer Chroma SDK Server version 31602 suffers from a race condition vulnerability that allows for remote file execution ...

CWE-362 https://assets.razerzone.com/dev_portal/REST/html/index.html https://www.youtube.com/watch?v=fkESBVhIdIA https://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.html http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html https://nvd.nist.gov https://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-16602

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect