Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.3
CVSSv3

CVE-2021-44226

Published: 23/03/2022 Updated: 18/09/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Synapse

Vulnerability Summary

Razer Synapse prior to 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

razer synapse

Exploits

Exploit DB: Razer Synapse 3.6.x DLL Hijacking
Razer Synapse versions prior to 370228022817 suffer from a dll hijacking vulnerability ...
Exploit DB: Razer Synapse Race Condition / DLL Hijacking
Razer Synapse versions before 380428042117 (20230601) suffer from multiple vulnerabilities Due to an unsafe installation path, improper privilege management, and a time-of-check time-of-use race condition, the associated system service "Razer Synapse Service" is vulnerable to DLL hijacking As a result, local Windows users can abuse the Razer d ...
Exploit DB: Razer Synapse 3.7.0731.072516 Local Privilege Escalation
Razer Synapse version 370731072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability ...

References

CWE-427https://www.razer.com/communityhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-058.txthttp://seclists.org/fulldisclosure/2022/Mar/51http://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.htmlhttp://seclists.org/fulldisclosure/2023/Jan/26http://packetstormsecurity.com/files/170772/Razer-Synapse-3.7.0731.072516-Local-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2023/Sep/6http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/166485/Razer-Synapse-3.6.x-DLL-Hijacking.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook