CVE-2020-16602

Name of the Vulnerable Software and Affected Versions Razer Chroma SDK Rest Server versions 3.12.17 and earlier

Description The issue allows remote attackers to execute arbitrary programs due to a race condition. This condition occurs when a file created under "%PROGRAMDATA%Razer ChromaSDKApps" can be replaced before it is executed by the server. The attacker must have access to port 54236 for a registration step.

Recommendations For versions 3.12.17 and earlier, as a temporary workaround, consider restricting access to port 54236 to minimize the risk of exploitation. Additionally, monitor and restrict modifications to files under "%PROGRAMDATA%Razer ChromaSDKApps" to prevent potential replacements. At the moment, there is no information about a newer version that contains a fix for this vulnerability.