Information Disclosure Vulnerability in NZXT CAM by NZXT
CVE-2020-13510

6.5MEDIUM

Key Information:

Vendor: Nzxt
Status: Nzxt
Vendor: CVE Published:; 18 December 2020

What is CVE-2020-13510?

An information disclosure vulnerability has been identified in the NZXT CAM application, specifically in the WinRing0x64 Driver's Privileged I/O Read IRPs functionality. This issue arises from a specially crafted I/O request packet (IRP) that allows a low privilege user to gain unrestricted access to the IN instruction at an elevated privilege level. By sending a malicious IRP to the system, an attacker can exploit this vulnerability, potentially leading to unauthorized access to sensitive information.

Affected Version(s)

NZXT NZXT CAM 4.8.0

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2020
Vulnerability Reserved
May 26, 2020

JSON

Nzxt

What is CVE-2020-13510?

Affected Version(s)

References

CVSS V3.1

Timeline