Vulnerability CVE-2019-18199


Published: 2019-10-24   Modified: 2019-11-05

Description:
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Fujitsu Wireless Keyboard Set LX390 Replay Attacks
Matthias Deeg
24.10.2019

Type:

CWE-294

(Authentication Bypass by Capture-replay)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt
https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/

Copyright 2024, cxsecurity.com

 

Back to Top