CVE-2019-9835

Опубликовано: 15 мар. 2019

Источник: nvd

CVSS3: 9.6

CVSS2: 5.8

EPSS Низкий

Описание

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

Ссылки

http://www.securityfocus.com/bid/107440
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/107440
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:fujitsu:lx901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:lx901:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:fujitsu:gk900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:fujitsu:gk900:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00062

Низкий

9.6 Critical

CVSS3

5.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q4c4-449g-h5hc