CVE-2019-9835 - The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keys

CVE-2019-9835

Summary

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

References

Vulnerable Configurations

cpe:2.3:o:fujitsu:lx901_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:lx901_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:lx901:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:lx901:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:gk900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:fujitsu:gk900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:gk900:-:*:*:*:*:*:*:*
cpe:2.3:h:fujitsu:gk900:-:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	107440
misc	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt

Last major update

24-08-2020 - 17:37

Published

15-03-2019 - 18:29

Last modified

24-08-2020 - 17:37