CVE-2021-30494 Information

Description

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words an attacker can create a file in an unintended directory (with some limitations).

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://versprite.com/blog/security-research/razer-synapse-3-security-vulnerability-analysis-report/ https://versprite.com/advisories/razer-synapse-3-1/ https://versprite.com/security-resources/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.5