← back
CVE-2020-16602

CVE-2020-16602

EPSS 6.0%
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49106unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/160225/Razer-Chroma-SDK-Server-3.16.02-Race-Condition.htmlhttps://assets.razerzone.com/dev_portal/REST/html/index.htmlhttps://www.angelystor.com/2020/09/cve-2020-16602-remote-file-execution-on.htmlhttps://www.youtube.com/watch?v=fkESBVhIdIA