MITRE assigned CVE CVE-2022-45697 for this vulnerability.
The vulnerability is in Razer Central service which does not check for symbolic links during login of user which leads to arbitrary file delete vulnerability and escalation of privileges.
The Razer team allowed CVE filing but did not allow publishing any PoC.
- 8/09/2022 - Initial discovery
- 8/10/2022 - Contacted Razer Team on Twitter
- 8/11/2022 - Razer team emailed me and gave me instructions to create a report on their BB program
- 8/11/2022 - Report created on Inspective platform
- 8/19/2022 - Inspective confirmed vulnerability
- 11/15/2022 - Inspective informed me that fix is released
- 11/17/2022 - Filing for CVE
- 02/27/2023 - CVE assigned