CVE-2020-13517

Medium

5.5/10

Summary

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Dec 18, 2020

CVE-2020-13517

Summary

References

Advisory Timeline

KICS SaaS

HackerOne

KICS Auto Scanning VS Code Extension