Razer Synapse 3 Security Vulnerability Analysis Report

VerSprite's VS-Labs found vulnerabilities within Razer Synapse 3 software that can lead to Denial of Service (DoS) attacks

Razer Synapse 3 Vulnerability Analysis Summary

Razer’s Synapse 3 product contains security-related vulnerabilities that give less privileged users the ability to write a file to any folder on disk. The vulnerability lies in improper usage of the Windows Registry: improper permission assignment gives local users full control over multiple important Registry keys relating to the Synapse 3 software suite. Local system services deployed via the Synapse 3 software suite use these Registry keys to build file name paths for storing runtime logging information. The initial impact of these vulnerabilities is a denial of service via system instability; however, full exploitation is not out of the realm of possibility.
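A defender can check for this class of misconfiguration by auditing the ACLs on the registry keys a privileged service reads. The PowerShell below is an added example, not code from the VerSprite report or from Razer; the key path is supplied by the caller because this summary does not list the affected keys, and the function name `Get-WeakRegistryAcl` is hypothetical.

```powershell
# Added example: list registry keys under a root where broad, non-admin
# groups hold write-type rights. Pass the key tree to audit; this page
# does not name the affected keys, so none is hard-coded here.
param(
    [Parameter(Mandatory)][string]$RootKey   # e.g. a path under HKLM:\SOFTWARE
)

# Well-known SIDs (locale-independent) for low-privileged principals.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that let a caller alter values a privileged service later trusts,
# plus the GENERIC_ALL / GENERIC_WRITE bits that can appear in inherited ACEs.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

function Get-WeakRegistryAcl {
    param([Parameter(Mandatory)][string]$Path)

    # The root key itself plus every readable subkey.
    $keys = @(Get-Item -LiteralPath $Path -ErrorAction Stop)
    $keys += Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue

    foreach ($key in $keys) {
        $acl = Get-Acl -LiteralPath $key.PSPath
        # Resolve every rule's identity to a SID so names need no translation.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $LowPrivSids.ContainsKey($sid)) { continue }
            if (([int]$rule.RegistryRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $key.Name
                Principal = $LowPrivSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-WeakRegistryAcl -Path $RootKey | Format-Table -AutoSize
```

Any row returned for a key that a SYSTEM service uses to build file paths indicates the condition described above; an empty result means no listed group holds write-type rights on that tree.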

Razer Synapse 3 Not Working: 2 Vulnerabilities Discovered & Patched


CVEs for the Razer Synapse 3 Vulnerabilities

Razer Synapse 3 Vulnerability Remediation

Remediation for these vulnerabilities was performed on February 25th, 2021, when Razer released updates to the Synapse 3 software suite that mitigated the vulnerabilities. However, after VerSprite security researchers performed an internal verification of the patch provided by Razer, we concluded that the patch was only a partial solution. The RzSDKService.exe service binary still interacted with a critical resource that had improper permissions assigned. Razer has acknowledged the failed patch and stated that they will work on a patch before the end of April 2021. For more information on the entire timeline, please refer to the Vendor Disclosure Timeline section within the full report.

VerSprite Security Research Team

Maintain awareness regarding unknown threats to your products, technologies, and enterprise networks. Organizations that are willing to take the next step in proactively securing their flagship product or environment can leverage our zero-day vulnerability research offering. Our subscription-based capability provides your organization with immediate access to zero-day vulnerabilities affecting products and software.

View our security advisories detailing vulnerabilities found in major products for macOS, Windows, Android, and iOS.