384 matches found
Code injection
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed...
Design/Logic Flaw
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard...
CVE-2019-13055
Logitech Unifying devices are affected by CVE-2019-13055, where an attacker can dump AES keys and addresses, enabling live decryption of RF transmissions (demonstrated against a K360 keyboard). The connected sources corroborate information disclosure via the Unifying receiver; root cause and affe...
CVE-2019-13055
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard...
CVE-2019-13054
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z...
CVE-2019-13054
The CVE-2019-13054 entry concerns Logitech R500 wireless presentation clickers. Connected sources describe a vulnerability allowing an attacker to determine the AES key, enabling keystroke injection. On Windows, text can be injected by abusing ALT+NUMPAD input to bypass the A–Z character restrict...
CVE-2019-13053
CVE-2019-13053 describes a keystroke injection vulnerability in Logitech Unifying devices. The issue allows an attacker to inject keystrokes and bypass encryption by pressing a specific “magic” key combination while listening to the RF transmission. The vulnerability is noted as a consequence of ...
CVE-2019-13053
Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761...
CVE-2016-10761
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack...
CVE-2016-10761
CVE-2016-10761 affects Logitech Unifying devices prior to 2016-02-26, enabling keystroke injection and bypassing encryption (MouseJack). The NVD entry lists low to medium severity (CVSS v2 base 3.3, CVSS v3 base 6.5) with adjacent, low-complexity exploitation and no user interaction required. Pub...
CVE-2019-13052
Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed...
CVE-2019-13052
CVE-2019-13052 concerns Logitech Unifying devices where, if the pairing between a keyboard and its receiver is sniffed, an attacker could achieve live decryption of the communication. The core details across connected records identify the affected class as Logitech Unifying devices and describe a...
CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target...
Design/Logic Flaw
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target...
CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target...
CVE-2019-12506
CVE-2019-12506 affects the Logitech R700 Laser Presentation Remote R-R0010. The vulnerability arises from unencrypted and unauthenticated wireless communication, enabling keystroke injection and allowing an attacker to send arbitrary keystrokes to a victim’s computer when the receiver is in range...
Logitech R700 Laser Presentation Remote R-R0010 Injection Vulnerability
The Logitech R700 Laser Presentation Remote R-R0010 is a wireless presentation remote control from Logitech Switzerland. An injection vulnerability exists in Logitech R700 Laser Presentation Remote R-R0010. The vulnerability arises when, during user input to construct commands, data structures, o...
Logitech R700 Laser Presentation Remote Keystroke Injection Vulnerability
Product: R700 Laser Presentation Remote Manufacturer: Logitech Affected Versions: Model R-R0010 PID WD904XM and PID WD802XM Tested Versions: Model R-R0010 PID WD904XM and PID WD802XM Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk...
EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. ...
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk to remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...