CVE-2018-19592

HIGH

Corsair Link 4.9.7.35 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19592. PoCs published by BradyDonovan.

AI-analyzed exploit summary The repository contains only a README.md file that references another repository for details on CVE-2018-19592. No exploit code or technical details are provided.

Description

The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441.

Exploits (1)

nomisec STUB

by BradyDonovan · poc

https://github.com/BradyDonovan/CVE-2018-19592

View Code ZIP pw:eip

The repository contains only a README.md file that references another repository for details on CVE-2018-19592. No exploit code or technical details are provided.

Classification

Stub 30%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

http://forum.corsair.com/v3/showthread.php?t=155646

Third Party Advisory x_refsource_misc

https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service

View Writeup ZIP pw:eip

Scores

CVSS v3 7.8

EPSS 0.0141

EPSS Percentile 80.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

corsair/link 4.9.7.35

Published Sep 27, 2019

Tracked Since Feb 18, 2026