Razer

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
* Razer Merchant Services (MOLPay) Mobile SDK OTHER critical
**Group 1 client assets**
* Code vulnerabilities in the Razer Merchant Services (MOLPay) Mobile SDK that could lead to a compromise of user data: https://www.molpay.com/v3/features/mobile-xdk/
Cortex, including backend infrastructure OTHER critical
**Group 2 assets**
* Cortex version 9.x client
* Cortex platform:
* https://deals.razer.com
Group 1 client assets - $1,500 - $250 (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Group 1 web assets - $2,000 - $250 (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Group 2 assets $1,500 - $250 (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Razer Gold Assets OTHER critical
**Group 1 web assets**
* _In Scope Razer Gold Assets_
* https://gold.razer.com
* https://pay.gold.razer.com
* https://global.gold.razer.com
* https://paychannel.gold.razer.com
* https://reward.gold.razer.com
* https://topupapi.gold.razer.com
* https://webhookapi.gold.razer.com
* https://cms.gold.razer.com
* https://console.gold.razer.com
* https://silverconsole.gold.razer.com
* https://voucherconsole.gold.razer.com
* https://merchant.gold.razer.com
* https://zmerchant.gold.razer.com
* https://silvermerchant.gold.razer.com
* https://media.gold.razer.com
* https://ubuild.gold.razer.com
* https://wbuild.gold.razer.com
Razer ID infrastructure (authentication platform) OTHER critical
**Group 1 web assets**
* _In-Scope Razer ID infrastructure assets:_
* https://ec.razerzone.com
* https://oauth2.razerzone.com
* https://razer-id.razer.com

NOTE: Part of the Razer ID ecosystem. These are normally accessed from Razer applications and web properties via REST API.
Razer Pay MY backend infrastructure OTHER critical
**Group 1 web assets**
Razer Pay SG backend infrastructure OTHER critical
**Group 1 web assets**
Razer Peripherals (firmware) - $1,000 - $250 OTHER critical
**Group 2 assets**
Razer Phone or Razer Phone 2 - $1,000 - $250 OTHER critical
**Group 2 asset**
Razer Store OTHER critical
**Group 1 web assets**
* In-Scope Razer Store assets
* https://store.razer.com (Note that different regional settings may redirect to different servers)
Razer Systems (e.g. Blade laptops) - $1,000 - $250 OTHER critical
**Group 2 assets**
Razer web properties NOT in Group 1 - e.g. deals.razer.com, developer.razer.com - $500 - $150 OTHER critical
**Group 2 assets**
* deals.razer.com
* developer.razer.com
RazerPay MY Android OTHER critical
**Group 1 client assets**

PlayStore: https://play.google.com/store/apps/details?id=com.mol.molwallet&hl=None
RazerPay SG Android OTHER critical
**Group 1 client assets**
S3 bucket exposure - $250 OTHER critical
**Group 2 assets**
Source code exposure - $1,500 - $500 OTHER critical
**Group 2 asset**
Synapse 2 client OTHER critical
**Group 1 client assets**
Synapse 3 client OTHER critical
**Group 1 client assets**

Link to download the Synapse 3 client: https://www.razerzone.com/synapse-3

The Windows client is normally found in C:\Program Files (x86)\Razer\Synapse3, with some number of support files in the C:\Program Files (x86)\Razer folder as well.

With the installation of Synapse 3, the user should also receive Razer Central, which is a Razer platform management client. This is normally found in C:\Program Files (x86)\Razer\Razer Services and C:\Program Files (x86)\Razer\InGameEngine.
Tier 3 assets - $300 - $150 (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
* Other Razer Applications, e.g. Surround - **$300 - $150**
Razer web properties NOT in Group 1 (as listed) - $500 - $150 OTHER critical
**Group 2 assets**
* deals.razer.com
* developer.razer.com
* insider.razer.com
* music.razer.com
* press.razer.com
* support.razer.com and *.razersupport.com
* dl.razer.com
* themes.razerzone.com
* mobileservices.razerzone.com
Razer properties not eligible for bounty OTHER critical
Group 1 client assets (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Group 1 web assets (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Group 2 assets (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
Razer Peripherals (firmware) OTHER critical
Razer keyboards, mice, and other peripherals, particularly those including onboard firmware.
Razer Phone or Razer Phone 2 OTHER critical
**Group 2 asset**
Razer Systems (e.g. Blade laptops) OTHER critical
**Group 2 assets**
Razer web properties NOT in Group 1 (as listed) OTHER critical
**Group 2 assets**
* deals.razer.com
* developer.razer.com
* insider.razer.com
* music.razer.com
* press.razer.com
* support.razer.com and *.razersupport.com
* dl.razer.com
* themes.razerzone.com
* mobileservices.razerzone.com
* thx.com
S3 bucket exposure OTHER critical
**Group 2 assets**
Source code exposure OTHER critical
Current production source code belonging to Razer.
Tier 3 assets (Rewards based on Impact) OTHER critical
Please **refer to our bounty table** for the list of eligible assets and the potential value.
* Other Razer Applications: Razer Central, Razer Surround - **$300 - $150**

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity