Vulnerability-Lookup

CVE-2019-18199 (GCVE-0-2019-18199)

Vulnerability from cvelistv5 – Published: 2019-10-24 13:48 – Updated: 2024-08-05 01:47

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

3 references

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
http://packetstormsecurity.com/files/154954/Fujit…	x_refsource_MISC
https://www.syss.de/pentest-blog/2019/syss-2019-0…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:13.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-24T13:49:16.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18199",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
            },
            {
              "name": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
            },
            {
              "name": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/",
              "refsource": "MISC",
              "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18199",
    "datePublished": "2019-10-24T13:48:56.000Z",
    "dateReserved": "2019-10-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:47:13.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-18199",
      "date": "2026-05-27",
      "epss": "0.00045",
      "percentile": "0.1402"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-18199\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-10-24T14:15:11.393\",\"lastModified\":\"2024-11-21T04:32:48.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en los dispositivos Fujitsu Wireless Keyboard Set LX390 GK381. Debido a la falta de cifrado apropiado de la comunicaci\u00f3n de 2.4 GHz, y debido a la autenticaci\u00f3n basada en contrase\u00f1a, son vulnerables a los ataques de repetici\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fujitsu:lx390_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73DDAB09-7962-453C-888D-F1E2F7AA8AC8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fujitsu:lx390:gk381:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B94F636F-5B3A-49C8-B3C9-92C6A41245A8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-38496

Vulnerability from cnvd - Published: 2019-11-01

Title

Fujitsu Wireless Keyboard Set LX390密码问题漏洞

Description

Fujitsu Wireless Keyboard Set LX390是日本富士通（Fujitsu）公司的一款无线键盘。 Fujitsu Wireless Keyboard Set LX390 GK381中存在安全漏洞，该漏洞源于程序没有正确加密2.4通讯。攻击者可利用该漏洞实施回放攻击。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.fujitsu.com

Reference

https://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html

Impacted products

Name
Fujitsu Wireless Keyboard Set LX390 GK381

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18199"
    }
  },
  "description": "Fujitsu Wireless Keyboard Set LX390\u662f\u65e5\u672c\u5bcc\u58eb\u901a\uff08Fujitsu\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u952e\u76d8\u3002\n\nFujitsu Wireless Keyboard Set LX390 GK381\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u6b63\u786e\u52a0\u5bc62.4\u901a\u8baf\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u56de\u653e\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.fujitsu.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-38496",
  "openTime": "2019-11-01",
  "products": {
    "product": "Fujitsu Wireless Keyboard Set LX390 GK381"
  },
  "referenceLink": "https://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-10-25",
  "title": "Fujitsu Wireless Keyboard Set LX390\u5bc6\u7801\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2019-18199

Vulnerability from fkie_nvd - Published: 2019-10-24 14:15 - Updated: 2024-11-21 04:32

Severity

6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt	Exploit, Third Party Advisory
cve@mitre.org	https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	fujitsu	lx390_firmware	-
	fujitsu	lx390	gk381

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:lx390_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73DDAB09-7962-453C-888D-F1E2F7AA8AC8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:lx390:gk381:*:*:*:*:*:*:*",
              "matchCriteriaId": "B94F636F-5B3A-49C8-B3C9-92C6A41245A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los dispositivos Fujitsu Wireless Keyboard Set LX390 GK381. Debido a la falta de cifrado apropiado de la comunicaci\u00f3n de 2.4 GHz, y debido a la autenticaci\u00f3n basada en contrase\u00f1a, son vulnerables a los ataques de repetici\u00f3n."
    }
  ],
  "id": "CVE-2019-18199",
  "lastModified": "2024-11-21T04:32:48.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-24T14:15:11.393",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4W38-QPR9-G5QM

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-18199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-294"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.",
  "id": "GHSA-4w38-qpr9-g5qm",
  "modified": "2022-05-24T16:59:49Z",
  "published": "2022-05-24T16:59:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18199"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-18199

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-18199

Aliases

CVE-2019-18199

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-18199",
    "description": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.",
    "id": "GSD-2019-18199"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-18199"
      ],
      "details": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.",
      "id": "GSD-2019-18199",
      "modified": "2023-12-13T01:23:50.615547Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-18199",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt",
            "refsource": "MISC",
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
          },
          {
            "name": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
          },
          {
            "name": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/",
            "refsource": "MISC",
            "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fujitsu:lx390_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fujitsu:lx390:gk381:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18199"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt"
            },
            {
              "name": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
            },
            {
              "name": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2019-10-24T14:15Z"
    }
  }
}

VAR-201910-0869

Vulnerability from variot - Updated: 2024-11-23 22:55

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. Fujitsu Wireless Keyboard Set LX390 In the device Capture-replay There is a vulnerability related to authentication bypass by.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state.

A security vulnerability exists in the Fujitsu Wireless Keyboard Set LX390 GK381, which is caused by the program not properly encrypting 2.4 communications. An attacker could exploit the vulnerability implement replay attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Advisory ID: SYSS-2019-009 Product: Wireless Keyboard Set LX390 Manufacturer: Fujitsu Affected Version(s): Model No. GK381 Tested Version(s): Model No. GK381 Vulnerability Type: Cryptographic Issues (CWE-310) Missing Protection against Replay Attacks Risk Level: Medium Solution Status: Open (product reached end-of-life (EOL) in May 2019) Manufacturer Notification: 2019-03-22 Solution Date: - Public Disclosure: 2019-10-23 CVE Reference: CVE-2019-18199 Author of Advisory: Matthias Deeg (SySS GmbH)


Overview:

Fujitsu Wireless Keyboard Set LX390 is a wireless desktop set consisting
of a mouse and a keyboard. 

The manufacturer describes the product as follows (see [1, 2]):

"The Wireless Keyboard Set LX390 is an excellent desktop solution for
users with ambition. This durable keyboard set is equipped with secure
2.4 GHz technology and plug and play technology. The elegant mouse
works on most surfaces due to its precise 1000 dpi sensor. It offers
fabulous features and ultra slim, portable design."

Due to an insecure implementation of the data communication, the
wireless keyboard LX390 is vulnerable to replay attacks.

Vulnerability Details:

SySS GmbH found out that the wireless keyboard Fujitsu LX390 is prone to replay attacks.

An attacker can simply sniff the data packets of the 2.4 GHz radio communication sent by the keyboard to the receiver (USB dongle) and replay the recorded communication data at will causing the same effect as the original data communication.

A replay attack against the keyboard can, for example, be used to gain unauthorized access to a computer system that is operated with a vulnerable Fujitsu LX390 keyboard. In this attack scenario, an attacker records the radio communication during a password-based user authentication of his or her victim, for instance during a login to the operating system or during unlocking a screen lock. At an opportune moment when the victim's computer system is unattended, the attacker approaches the victim's computer and replays the previously recorded data communication for the password-based user authentication and thereby gets unauthorized access to the victim's system.


Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using a software-defined radio in combination with the
software tool GNU Radio Companion. 

It was also possible to perform successful replay attacks using an
in-house developed software tool in combination with the USB radio
dongle Crazyradio PA and the nrf-research-firmware by Bastille Networks
Internet Security written by Marc Newlin (see [3] and [4]). 

SySS recommends replacing LX390 wireless keyboard sets used in
environments with higher security demands, for instance with one of the
newer successor models LX410 or LX960.

Disclosure Timeline:

2019-03-22: Vulnerability reported to manufacturer 2019-03-23: Fujitsu confirms receipt of security advisory 2019-04-02: Received question from manufacturer and answered them 2019-04-11: Received further questions from manufacturer 2019-04-18: Answered open questions and postponed disclosure date 2019-10-08: Reminded manufacturer of the upcoming release of the security advisory 2019-10-18: Discussed details of coordinated disclosure with manufacturer 2019-10-21: Public release of security advisory


References:

[1] Product website for Fujitsu Wireless Keyboard Set LX390 (not available anymore)
    http://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx390.html
[2] Data sheet Fujitsu Wireless Keyboard Set LX390
    https://produktinfo.conrad.com/datenblaetter/1300000-1399999/001375431-da-01-en-FUJITSU_DESKTOP_SET_WIREL_LX390_WEISS.pdf
[3] Product website for Crazyradio PA
    https://www.bitcraze.io/crazyradio-pa/
[4] Bastille's nRF24 research firmware and tools
    https://github.com/BastilleResearch/nrf-research-firmware
[5] Product website for Fujitsu Wireless Keyboard Set LX410
    https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx410.html
[6] Product website for Fujitsu Wireless Keyboard Set LX960
    https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx960.html
[7] SySS Security Advisory SYSS-2019-009
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt
[8] SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy/

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB


Disclaimer:

The information provided in this security advisory is provided "as is" 
and without warranty of any kind. Details of this security advisory may 
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web 
site.

Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAl2wGtYACgkQ2aS/ajSt TasSMQ//bCaFN+1NLjXqLWcRfYUcdP+9leDesfPRdEWOuItrLzCxhN3BaSeQJoxc F/U8jct5qnw7Ybc1NMNlzIMjyqThp00gZkmllLLrhQpmbl88KowrFalhfqnpwvQU oOemWt0H7RhFpYY9qa+P1ZXQIahziIh9aPbSCXnEjnxBzf+i8kY13xmYJx5j8APY zoU7IAWU0Ec6LHTZeNfy5KZc7n6jfsFH8qQunoKTzdPvA6VeLav0N/3blYJMWla7 OkOyqm37h7X8wCa16/E5caNTWuPdkXnVORGYk7QgzTk8bOnge+3alFWx5xkH2Chl JjLu/RijcYauSrk6/TLDQcSk9xAAbPTk3xgbJPmmo6o+TqMp6EbELuSJ+g9i0ItJ qqPVa/bgGWAS3EQdSLR4BVL7p9mpyajtUiOyonqb14gpNHKl0k8klrv424oBsEqb XhloBSH5jEvByAch/E8rMuncxXVOvADhDyLZTJ+OXpNdtmKFMg3d5WP7cgArs4b+ sia6aCr2OAp5iXL34nSl9ruQr2UzueMy3SnIgt44EfccwlqvNmb8RRuMfQ0cgBPZ D8AGupbz6ecLmMyINWA3FTh0i9H1WZUIO0XT3vJsOW+Bg1tglrPQYrASQNi6yz7U +2j/v0u1/zcHLzwWpdjc982E7fcb/BxRbKY6jfwnyhQSvMAg9Eo= =ZCt8 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0869",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lx390",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "wireless keyboard set lx390",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "gk381"
      },
      {
        "model": "wireless keyboard set lx390 gk381",
        "scope": null,
        "trust": 0.6,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "lx390",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fujitsu",
        "version": "gk381"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fujitsu:lx390_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthias Deeg",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-18199",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2019-18199",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-38496",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.7,
            "id": "CVE-2019-18199",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.6,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-18199",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-18199",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-18199",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-38496",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-1433",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks. Fujitsu Wireless Keyboard Set LX390 In the device Capture-replay There is a vulnerability related to authentication bypass by.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \n\nA security vulnerability exists in the Fujitsu Wireless Keyboard Set LX390 GK381, which is caused by the program not properly encrypting 2.4 communications. An attacker could exploit the vulnerability implement replay attack. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2019-009\nProduct: Wireless Keyboard Set LX390\nManufacturer: Fujitsu\nAffected Version(s): Model No. GK381\nTested Version(s): Model No. GK381\nVulnerability Type: Cryptographic Issues (CWE-310)\n                    Missing Protection against Replay Attacks\nRisk Level: Medium\nSolution Status: Open (product reached end-of-life (EOL) in May 2019)\nManufacturer Notification: 2019-03-22\nSolution Date: -\nPublic Disclosure: 2019-10-23\nCVE Reference: CVE-2019-18199\nAuthor of Advisory: Matthias Deeg (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nFujitsu Wireless Keyboard Set LX390 is a wireless desktop set consisting\nof a mouse and a keyboard. \n\nThe manufacturer describes the product as follows (see [1, 2]):\n\n\"The Wireless Keyboard Set LX390 is an excellent desktop solution for\nusers with ambition. This durable keyboard set is equipped with secure\n2.4 GHz technology and plug and play technology. The elegant mouse\nworks on most surfaces due to its precise 1000 dpi sensor. It offers\nfabulous features and ultra slim, portable design.\"\n\nDue to an insecure implementation of the data communication, the\nwireless keyboard LX390 is vulnerable to replay attacks. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nVulnerability Details:\n\nSySS GmbH found out that the wireless keyboard Fujitsu LX390 is prone to\nreplay attacks. \n\nAn attacker can simply sniff the data packets of the 2.4 GHz radio\ncommunication sent by the keyboard to the receiver (USB dongle) and\nreplay the recorded communication data at will causing the same effect\nas the original data communication. \n\nA replay attack against the keyboard can, for example, be used to gain\nunauthorized access to a computer system that is operated with a\nvulnerable Fujitsu LX390 keyboard. In this attack scenario, an attacker\nrecords the radio communication during a password-based user\nauthentication of his or her victim, for instance during a login to the\noperating system or during unlocking a screen lock. At an opportune\nmoment when the victim\u0027s computer system is unattended, the attacker\napproaches the victim\u0027s computer and replays the previously recorded\ndata communication for the password-based user authentication and\nthereby gets unauthorized access to the victim\u0027s system. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nSySS GmbH could successfully perform a replay attack as described in the\nprevious section using a software-defined radio in combination with the\nsoftware tool GNU Radio Companion. \n\nIt was also possible to perform successful replay attacks using an\nin-house developed software tool in combination with the USB radio\ndongle Crazyradio PA and the nrf-research-firmware by Bastille Networks\nInternet Security written by Marc Newlin (see [3] and [4]). \n\nSySS recommends replacing LX390 wireless keyboard sets used in\nenvironments with higher security demands, for instance with one of the\nnewer successor models LX410 or LX960. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-22: Vulnerability reported to manufacturer\n2019-03-23: Fujitsu confirms receipt of security advisory\n2019-04-02: Received question from manufacturer and answered them\n2019-04-11: Received further questions from manufacturer\n2019-04-18: Answered open questions and postponed disclosure date\n2019-10-08: Reminded manufacturer of the upcoming release of the\n            security advisory\n2019-10-18: Discussed details of coordinated disclosure with manufacturer\n2019-10-21: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for Fujitsu Wireless Keyboard Set LX390 (not available anymore)\n    http://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx390.html\n[2] Data sheet Fujitsu Wireless Keyboard Set LX390\n    https://produktinfo.conrad.com/datenblaetter/1300000-1399999/001375431-da-01-en-FUJITSU_DESKTOP_SET_WIREL_LX390_WEISS.pdf\n[3] Product website for Crazyradio PA\n    https://www.bitcraze.io/crazyradio-pa/\n[4] Bastille\u0027s nRF24 research firmware and tools\n    https://github.com/BastilleResearch/nrf-research-firmware\n[5] Product website for Fujitsu Wireless Keyboard Set LX410\n    https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx410.html\n[6] Product website for Fujitsu Wireless Keyboard Set LX960\n    https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx960.html\n[7] SySS Security Advisory SYSS-2019-009\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt\n[8] SySS Responsible Disclosure Policy\n    https://www.syss.de/en/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Matthias Deeg of SySS GmbH. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\" \nand without warranty of any kind. Details of this security advisory may \nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web \nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAl2wGtYACgkQ2aS/ajSt\nTasSMQ//bCaFN+1NLjXqLWcRfYUcdP+9leDesfPRdEWOuItrLzCxhN3BaSeQJoxc\nF/U8jct5qnw7Ybc1NMNlzIMjyqThp00gZkmllLLrhQpmbl88KowrFalhfqnpwvQU\noOemWt0H7RhFpYY9qa+P1ZXQIahziIh9aPbSCXnEjnxBzf+i8kY13xmYJx5j8APY\nzoU7IAWU0Ec6LHTZeNfy5KZc7n6jfsFH8qQunoKTzdPvA6VeLav0N/3blYJMWla7\nOkOyqm37h7X8wCa16/E5caNTWuPdkXnVORGYk7QgzTk8bOnge+3alFWx5xkH2Chl\nJjLu/RijcYauSrk6/TLDQcSk9xAAbPTk3xgbJPmmo6o+TqMp6EbELuSJ+g9i0ItJ\nqqPVa/bgGWAS3EQdSLR4BVL7p9mpyajtUiOyonqb14gpNHKl0k8klrv424oBsEqb\nXhloBSH5jEvByAch/E8rMuncxXVOvADhDyLZTJ+OXpNdtmKFMg3d5WP7cgArs4b+\nsia6aCr2OAp5iXL34nSl9ruQr2UzueMy3SnIgt44EfccwlqvNmb8RRuMfQ0cgBPZ\nD8AGupbz6ecLmMyINWA3FTh0i9H1WZUIO0XT3vJsOW+Bg1tglrPQYrASQNi6yz7U\n+2j/v0u1/zcHLzwWpdjc982E7fcb/BxRbKY6jfwnyhQSvMAg9Eo=\n=ZCt8\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "PACKETSTORM",
        "id": "154954"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18199",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "154954",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "PACKETSTORM",
        "id": "154954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "id": "VAR-201910-0869",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:55:25.651000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.fujitsu.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-294",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://packetstormsecurity.com/files/154954/fujitsu-wireless-keyboard-set-lx390-replay-attacks.html"
      },
      {
        "trust": 2.4,
        "url": "https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/"
      },
      {
        "trust": 1.7,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-009.txt"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18199"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18199"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/deed.en"
      },
      {
        "trust": 0.1,
        "url": "http://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx390.html"
      },
      {
        "trust": 0.1,
        "url": "https://produktinfo.conrad.com/datenblaetter/1300000-1399999/001375431-da-01-en-fujitsu_desktop_set_wirel_lx390_weiss.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/en/responsible-disclosure-policy/"
      },
      {
        "trust": 0.1,
        "url": "https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx960.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/keyboard-lx410.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.bitcraze.io/crazyradio-pa/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/bastilleresearch/nrf-research-firmware"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "PACKETSTORM",
        "id": "154954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "db": "PACKETSTORM",
        "id": "154954"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "date": "2019-11-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "date": "2019-10-23T20:03:01",
        "db": "PACKETSTORM",
        "id": "154954"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "date": "2019-10-24T14:15:11.393000",
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-38496"
      },
      {
        "date": "2019-11-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      },
      {
        "date": "2019-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      },
      {
        "date": "2024-11-21T04:32:48.913000",
        "db": "NVD",
        "id": "CVE-2019-18199"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fujitsu Wireless Keyboard Set LX390 In the device  Capture-replay Authentication bypass vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011446"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-1433"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-18199 (GCVE-0-2019-18199)

CNVD-2019-38496

FKIE_CVE-2019-18199

GHSA-4W38-QPR9-G5QM

GSD-2019-18199

VAR-201910-0869

Tags

Sightings

Nomenclature