RSS   Vulnerabilities for 'Unifying receiver firmware'   RSS

2019-06-29
 
CVE-2019-13055

CWE-200
 

 
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.

 
 
CVE-2019-13053

CWE-74
 

 
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.

 
 
CVE-2019-13052

CWE-200
 

 
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.

 
 
CVE-2016-10761

CWE-74
 

 
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

 

 >>> Vendor: Logitech 18 Products
Cordless freedom
Cordless freedom navigator
Cordless freedom pro
Cordless itouch keyboard
Cordless freedom itouch keyboard
Itouch keyboard
Media server
Videocall
Desktop manager
Unifying firmware
R700 laser presentation remote firmware
K360 firmware
K400r firmware
K750 firmware
K830 firmware
Unifying receiver firmware
R500 firmware
Options


Copyright 2024, cxsecurity.com

 

Back to Top