PT-2023-25160 · Razer · Razercentral
Phan Thanh Duy +1 · Published 2023-07-14 · Updated 2023-07-27
CVE-2023-3514
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RazerCentral versions prior to 7.11.0.558
Description
The issue is related to improper privilege control in the RazerCentralService Named Pipe, allowing a malicious actor with local access to gain SYSTEM privileges. This can be achieved by communicating with the named pipe as a low-privilege user and calling the AddModule or UninstallModules command to execute an arbitrary executable file.
Recommendations
For versions prior to 7.11.0.558, update to a version newer than 7.11.0.558 to resolve the issue. As a temporary workaround, consider restricting access to the RazerCentralService Named Pipe to minimize the risk of exploitation.
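The workaround above only helps if the pipe's DACL no longer grants write access to low-privilege users. The following added example (not code from Razer or from this advisory) audits a security descriptor in SDDL form for such ACEs. It assumes the pipe's descriptor has already been exported as an SDDL string, and the two sample descriptors are constructed for illustration, not taken from RazerCentral.

```python
import re

# Low-privilege trustees, by SDDL alias and by SID string.
LOW_PRIV = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
    "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE",
    "AN": "Anonymous Logon", "S-1-5-7": "Anonymous Logon",
}
# Rights that let a client send commands to a pipe server:
# GENERIC_ALL, GENERIC_WRITE, FILE_ALL_ACCESS, FILE_GENERIC_WRITE.
WRITE_CODES = {"GA", "GW", "FA", "FW"}
# FILE_WRITE_DATA | GENERIC_WRITE | GENERIC_ALL, for hex access masks.
WRITE_BITS = 0x2 | 0x40000000 | 0x10000000

# Constructed sample descriptors (assumptions, not RazerCentral's real ACL).
WEAK_SDDL = "O:SYG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x12019b;;;WD)"
HARDENED_SDDL = "O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;AU)"

def pairs(field):
    """Split an SDDL flags or rights field into its two-letter codes."""
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def grants_write(rights):
    """True if a rights field (letter codes or hex mask) includes write access."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_BITS)
    return bool(pairs(rights) & WRITE_CODES)

def risky_aces(sddl):
    """List (trustee, rights) for allow ACEs giving low-privilege write access.
    Deny ACEs and conditional ACEs are not evaluated."""
    dacl = re.search(r"D:([A-Z_]*)((?:\([^()]*\))*)", sddl)
    if dacl is None or "NO_ACCESS_CONTROL" in dacl.group(1):
        return [("Everyone", "NULL or missing DACL")]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(2)):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or "IO" in pairs(fields[1]):
            continue  # not an effective allow ACE on the pipe itself
        if fields[5] in LOW_PRIV and grants_write(fields[2]):
            findings.append((LOW_PRIV[fields[5]], fields[2]))
    return findings

if __name__ == "__main__":
    for name, sddl in (("weak", WEAK_SDDL), ("hardened", HARDENED_SDDL)):
        print(name, risky_aces(sddl))
```

An empty result means no allow ACE in the descriptor gives a listed low-privilege trustee write access; it does not replace updating to a fixed version.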
Exploit
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Razercentral