CVE-2022-29014
Published: 09 June 2022
Summary
CVE-2022-29014 is a high-severity an unspecified weakness vulnerability in Razer Sila Firmware. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-29014 is a local file inclusion vulnerability in the Razer Sila Gaming Router running firmware version 2.0.441_api-2.0.418. The flaw permits remote attackers to read arbitrary files on the device and carries a CVSS 3.1 base score of 7.5 reflecting network attack vector, low complexity, and no required authentication or user interaction.
Unauthenticated attackers with network access can exploit the issue to retrieve sensitive configuration or system files from the router. Public proof-of-concept code published on Exploit-DB and Packet Storm demonstrates direct file disclosure without credentials.
The listed references point to exploit repositories and the vendor product page but contain no advisory text or patch details. The EPSS score rose to a peak of 0.8620 on 2025-12-18 before receding to the current value of 0.6591, indicating material post-disclosure exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33444
Vulnerability details
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.