PT-2020-13586 · Nzxt · Nzxt Cam

Published: 2020-12-17 · Updated: 2023-01-20 · CVE-2020-13509

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: NZXT CAM version 4.8.0

Description: An information disclosure issue exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction at an elevated privilege level. This could allow for information leakage of sensitive data. An attacker can send a malicious IRP to trigger this issue.

Recommendations: For NZXT CAM version 4.8.0, consider disabling the WinRing0x64 Driver Privileged I/O Read IRPs functionality until a patch is available to prevent potential information leakage. Restrict access to the IN instruction to minimize the risk of exploitation. Avoid using the IRP 0x9c4060cc in the affected functionality until the issue is resolved.

Exploit

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2020-13509

Affected Products: Nzxt Cam