CVE-2018-19592

Name of the Vulnerable Software and Affected Versions Corsair Link version 4.9.7.35

Description The issue is related to the "CLink4Service" service, which is installed with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITYSYSTEM, potentially leading to total system takeover.

Recommendations For Corsair Link version 4.9.7.35, consider updating the permissions of the "CLink4Service" service to prevent unprivileged users from taking control of it. As a temporary workaround, restrict access to the service to minimize the risk of exploitation.