CVE-2022-29013

CRITICAL EXPLOITED NUCLEI

Razer Sila Gaming Router <v2.0.441_api-2.0.418 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-29013 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Kevin Randall. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the Razer Sila router's ubus interface, allowing unauthenticated remote command execution as root via crafted JSON-RPC requests.

Description

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.

Exploits (1)

exploitdb WORKING POC
by Kevin Randall · textwebappshardware
https://www.exploit-db.com/exploits/50865

This exploit demonstrates a command injection vulnerability in the Razer Sila router's ubus interface, allowing unauthenticated remote command execution as root via crafted JSON-RPC requests.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Razer Sila Router (RazerSila-2.0.441_api-2.0.418)
No auth needed
Prerequisites: Network access to the router's management interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Razer Sila Gaming Router - Remote Code Execution
CRITICALby DhiyaneshDK

References (3)

Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50865

Scores

CVSS v3 9.8
EPSS 0.7714
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-04-27
CWE
CWE-78
Status published
Products (1)
razer/sila_firmware 2.0.441_api-2.0.418
Published Jun 09, 2022
Tracked Since Feb 18, 2026