CVE-2024-29404

HIGH

Razer Synapse 3 <v.3.9.131.20813 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29404. PoCs published by mansk1es.

AI-analyzed exploit summary This repository contains a writeup for CVE-2024-29404, detailing an elevation of privilege vulnerability in Razer Synapse 3 via arbitrary file/folder removal in the 'Chroma Effects' functionality. No exploit code is provided, only a description and a link to an external asset.

Description

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component.

Exploits (1)

nomisec WRITEUP 1 stars
by mansk1es · poc
https://github.com/mansk1es/CVE-2024-29404_Razer

This repository contains a writeup for CVE-2024-29404, detailing an elevation of privilege vulnerability in Razer Synapse 3 via arbitrary file/folder removal in the 'Chroma Effects' functionality. No exploit code is provided, only a description and a link to an external asset.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Razer Synapse 3 <= Version 3.9.131.20813
No auth needed
Prerequisites: Local access to the system · Razer Synapse 3 installed with vulnerable version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0047
EPSS Percentile 36.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Published Dec 03, 2024
Tracked Since Feb 18, 2026