Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-9835

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

Published

2019-03-15T18:29:00.750

Last Modified

2024-11-21T04:52:24.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.6 (CRITICAL)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	fujitsu	lx901_firmware	-	Yes
Hardware	fujitsu	lx901	-	No
Operating System	fujitsu	gk900_firmware	-	Yes
Hardware	fujitsu	gk900	-	No

References

http://www.securityfocus.com/bid/107440 ([email protected])
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt Exploit, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/107440 (af854a3a-2127-422b-91ae-364da2661108)
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)