CVE-2016-6257

Published: Aug 2, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

Affected (6)

Products: Amazonbasics: Firmware · Dell: Km714 Firmware, Km632 Firmware · Logitech: Unifying Firmware · +1 more

Show all products

Amazonbasics: Firmware · Dell: Km714 Firmware, Km632 Firmware · Logitech: Unifying Firmware · Lenovo: Ultraslim Firmware

1 product

2 products

1 product

Unifying Firmware

1 product

Ultraslim Firmware

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Amazonbasics Firmware	All versions

Running on/with	Platform Versions
Amazonbasics Usb Dongle	All versions
Amazonbasics Wireless Keyboard	All versions

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Km714 Firmware	Up to 012.005.00028

Running on/with	Platform Versions
Dell Km714 Dongle	All versions
Dell Km714 Wireless Keyboard	All versions

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Dell Km632 Firmware	All versions

Running on/with	Platform Versions
Dell Km632 Dongle	All versions
Dell Km632 Wireless Keyboard	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Logitech Unifying Firmware	Up to 012.005.00028
Logitech Unifying Firmware	Up to 024.003.00027

Running on/with	Platform Versions
Logitech Unifying Dongle	All versions

Configuration E

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Lenovo Ultraslim Firmware	All versions

Running on/with	Platform Versions
Lenovo Ultraslim Dongle	All versions
Lenovo Ultraslim Wireless Keyboard	All versions

Related CWEs

References (8)

http://www.securityfocus.com/bid/92179

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt

Source: cve@mitre.org

Third Party Advisory

https://support.lenovo.com/product_security/len_7267

Source: cve@mitre.org

Vendor Advisory

https://www.bastille.net/research/vulnerabilities/keyjack

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/92179

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://support.lenovo.com/product_security/len_7267

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.bastille.net/research/vulnerabilities/keyjack

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.