Vulnerability-Lookup

CNVD-2019-17495

Vulnerability from cnvd - Published: 2019-06-15

Title

Logitech R700 Laser Presentation Remote R-R0010注入漏洞

Description

Logitech R700 Laser Presentation Remote R-R0010是瑞士罗技（Logitech）公司的一款无线演示遥控器。 Logitech R700 Laser Presentation Remote R-R0010中存在注入漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.logitech.com/

Reference

https://seclists.org/bugtraq/2019/Jun/4

Impacted products

Name
Logitech R700 Laser Presentation Remote R-R0010

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12506"
    }
  },
  "description": "Logitech R700 Laser Presentation Remote R-R0010\u662f\u745e\u58eb\u7f57\u6280\uff08Logitech\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u6f14\u793a\u9065\u63a7\u5668\u3002\n\nLogitech R700 Laser Presentation Remote R-R0010\u4e2d\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.logitech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-17495",
  "openTime": "2019-06-15",
  "products": {
    "product": "Logitech R700 Laser Presentation Remote R-R0010"
  },
  "referenceLink": "https://seclists.org/bugtraq/2019/Jun/4",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-05",
  "title": "Logitech R700 Laser Presentation Remote R-R0010\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2019-12506 (GCVE-0-2019-12506)

Vulnerability from cvelistv5 – Published: 2019-06-07 20:26 – Updated: 2024-08-04 23:24

Summary

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/4	mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153186/Logit…	x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jun/15	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
          },
          {
            "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
          },
          {
            "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-11T19:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
        },
        {
          "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
        },
        {
          "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
            },
            {
              "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/4"
            },
            {
              "name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
            },
            {
              "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12506",
    "datePublished": "2019-06-07T20:26:42.000Z",
    "dateReserved": "2019-05-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:24:37.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-17495

CVE-2019-12506 (GCVE-0-2019-12506)

Tags

Sightings

Nomenclature