Cyber Resilience

CVE-2022-29014

HighPublic PoC

Published: 09 June 2022

Published
09 June 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.6591 98.5th percentile
Risk Priority 55 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-29014 is a high-severity an unspecified weakness vulnerability in Razer Sila Firmware. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-29014 is a local file inclusion vulnerability in the Razer Sila Gaming Router running firmware version 2.0.441_api-2.0.418. The flaw permits remote attackers to read arbitrary files on the device and carries a CVSS 3.1 base score of 7.5 reflecting network attack vector, low complexity, and no required authentication or user interaction.

Unauthenticated attackers with network access can exploit the issue to retrieve sensitive configuration or system files from the router. Public proof-of-concept code published on Exploit-DB and Packet Storm demonstrates direct file disclosure without credentials.

The listed references point to exploit repositories and the vendor product page but contain no advisory text or patch details. The EPSS score rose to a peak of 0.8620 on 2025-12-18 before receding to the current value of 0.6591, indicating material post-disclosure exploitation interest that warrants renewed attention.

EU & UK References

Vulnerability details

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

razer
sila firmware
2.0.441_api-2.0.418

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References