Vulnerabilities > Corsair

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-19	CVE-2022-35860	Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3 Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. high complexity corsair CWE-311	6.8
2020-02-07	CVE-2020-8808	Improper Privilege Management vulnerability in Corsair Icue 3.12.118/3.20.80/3.23.66 The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. local low complexity corsair CWE-269	7.2
2019-09-27	CVE-2018-19592	Incorrect Default Permissions vulnerability in Corsair Link 4.9.7.35 The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. local low complexity corsair CWE-276	7.2
2018-10-11	CVE-2018-12441	Incorrect Default Permissions vulnerability in Corsair Utility Engine The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. local low complexity corsair CWE-276	7.2

Vulnerabilities > Corsair {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Corsair"}]}