CVE-2019-13055

Published: Jun 29, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.

Affected (2)

Products: Logitech: Unifying Receiver Firmware, K360 Firmware

Logitech

2 products

Unifying Receiver Firmware

K360 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Logitech Unifying Receiver Firmware	All versions

Running on/with	Platform Versions
Logitech Unifying Receiver	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Logitech K360 Firmware	All versions

Running on/with	Platform Versions
Logitech K360	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://www.youtube.com/watch?v=5z_PEZ5PyeA

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=5z_PEZ5PyeA

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.