Vulnerability-Lookup

CVE-2019-12506 (GCVE-0-2019-12506)

Vulnerability from cvelistv5 – Published: 2019-06-07 20:26 – Updated: 2024-08-04 23:24

Summary

Severity

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
https://seclists.org/bugtraq/2019/Jun/4	mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/153186/Logit…	x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jun/15	mailing-listx_refsource_FULLDISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:37.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
          },
          {
            "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
          },
          {
            "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-11T19:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
        },
        {
          "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
        },
        {
          "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
            },
            {
              "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/4"
            },
            {
              "name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
            },
            {
              "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12506",
    "datePublished": "2019-06-07T20:26:42.000Z",
    "dateReserved": "2019-05-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:24:37.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-12506",
      "date": "2026-06-04",
      "epss": "0.00521",
      "percentile": "0.67212"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12506\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-07T21:29:02.277\",\"lastModified\":\"2024-11-21T04:22:59.737\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device.\"},{\"lang\":\"es\",\"value\":\"Debido a la comunicaci\u00f3n de datos no cifrada y no autenticada, el presentador inal\u00e1mbrico Logitech R700 Laser Presentation Remote versi\u00f3n R-R0010 es propenso a los ataques de inyecci\u00f3n de pulsaciones de teclas (keystroke injection). Por lo tanto, un atacante puede enviar pulsaciones arbitrarias al sistema inform\u00e1tico de la v\u00edctima, por ejemplo, para instalar malware cuando el sistema de destino est\u00e1 desatendido. De esta manera, un atacante puede tomar el control remoto de la computadora de la v\u00edctima que se opera con un receptor afectado de este dispositivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"},{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd802xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC0A809F-5F08-41CB-85A2-2081C2C20102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd904xm:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"064D8FDB-3C87-4ECB-8B63-BF60CA5080F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:r700_laser_presentation_remote:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BF98954-5D1F-42EE-A7E1-7076118C403F\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/15\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://seclists.org/bugtraq/2019/Jun/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-17495

Vulnerability from cnvd - Published: 2019-06-15

Title

Logitech R700 Laser Presentation Remote R-R0010注入漏洞

Description

Logitech R700 Laser Presentation Remote R-R0010是瑞士罗技（Logitech）公司的一款无线演示遥控器。 Logitech R700 Laser Presentation Remote R-R0010中存在注入漏洞。该漏洞源于用户输入构造命令、数据结构或记录的操作过程中，网络系统或产品缺乏对用户输入数据的正确验证，未过滤或未正确过滤掉其中的特殊元素，导致系统或产品产生解析或解释方式错误。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.logitech.com/

Reference

https://seclists.org/bugtraq/2019/Jun/4

Impacted products

Name
Logitech R700 Laser Presentation Remote R-R0010

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12506"
    }
  },
  "description": "Logitech R700 Laser Presentation Remote R-R0010\u662f\u745e\u58eb\u7f57\u6280\uff08Logitech\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u6f14\u793a\u9065\u63a7\u5668\u3002\n\nLogitech R700 Laser Presentation Remote R-R0010\u4e2d\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u8f93\u5165\u6784\u9020\u547d\u4ee4\u3001\u6570\u636e\u7ed3\u6784\u6216\u8bb0\u5f55\u7684\u64cd\u4f5c\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7f3a\u4e4f\u5bf9\u7528\u6237\u8f93\u5165\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\uff0c\u672a\u8fc7\u6ee4\u6216\u672a\u6b63\u786e\u8fc7\u6ee4\u6389\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u5bfc\u81f4\u7cfb\u7edf\u6216\u4ea7\u54c1\u4ea7\u751f\u89e3\u6790\u6216\u89e3\u91ca\u65b9\u5f0f\u9519\u8bef\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.logitech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-17495",
  "openTime": "2019-06-15",
  "products": {
    "product": "Logitech R700 Laser Presentation Remote R-R0010"
  },
  "referenceLink": "https://seclists.org/bugtraq/2019/Jun/4",
  "serverity": "\u9ad8",
  "submitTime": "2019-06-05",
  "title": "Logitech R700 Laser Presentation Remote R-R0010\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2019-12506

Vulnerability from fkie_nvd - Published: 2019-06-07 21:29 - Updated: 2024-11-21 04:22

Severity

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jun/15
cve@mitre.org	https://seclists.org/bugtraq/2019/Jun/4	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jun/15
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/bugtraq/2019/Jun/4	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
logitech	r700_laser_presentation_remote_firmware	wd802xm
logitech	r700_laser_presentation_remote_firmware	wd904xm
logitech	r700_laser_presentation_remote	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd802xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0A809F-5F08-41CB-85A2-2081C2C20102",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd904xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "064D8FDB-3C87-4ECB-8B63-BF60CA5080F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:r700_laser_presentation_remote:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BF98954-5D1F-42EE-A7E1-7076118C403F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
    },
    {
      "lang": "es",
      "value": "Debido a la comunicaci\u00f3n de datos no cifrada y no autenticada, el presentador inal\u00e1mbrico Logitech R700 Laser Presentation Remote versi\u00f3n R-R0010 es propenso a los ataques de inyecci\u00f3n de pulsaciones de teclas (keystroke injection). Por lo tanto, un atacante puede enviar pulsaciones arbitrarias al sistema inform\u00e1tico de la v\u00edctima, por ejemplo, para instalar malware cuando el sistema de destino est\u00e1 desatendido. De esta manera, un atacante puede tomar el control remoto de la computadora de la v\u00edctima que se opera con un receptor afectado de este dispositivo."
    }
  ],
  "id": "CVE-2019-12506",
  "lastModified": "2024-11-21T04:22:59.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-07T21:29:02.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        },
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-P39J-W96R-4XWQ

Vulnerability from github – Published: 2022-05-24 16:47 – Updated: 2022-05-24 16:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-12506"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-07T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device.",
  "id": "GHSA-p39j-w96r-4xwq",
  "modified": "2022-05-24T16:47:36Z",
  "published": "2022-05-24T16:47:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12506"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Jun/4"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-12506

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-12506

Aliases

CVE-2019-12506

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-12506",
    "description": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device.",
    "id": "GSD-2019-12506"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-12506"
      ],
      "details": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device.",
      "id": "GSD-2019-12506",
      "modified": "2023-12-13T01:23:43.765591Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-12506",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt",
            "refsource": "MISC",
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
          },
          {
            "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "https://seclists.org/bugtraq/2019/Jun/4"
          },
          {
            "name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
          },
          {
            "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd802xm:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd904xm:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:r700_laser_presentation_remote:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12506"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                },
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
            },
            {
              "name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory",
                "Exploit"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/4"
            },
            {
              "name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
            },
            {
              "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2019/Jun/15"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-06-07T21:29Z"
    }
  }
}

VAR-201906-0254

Vulnerability from variot - Updated: 2024-11-23 22:06

Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device. The LogitechR700LaserPresentationRemoteR-R0010 is a wireless demonstration remote control from Logitech, Switzerland. An injection vulnerability exists in the LogitechR700LaserPresentationRemoteR-R0010. The vulnerability stems from the user's input of constructing commands, data structures, or records. The network system or product lacks proper verification of user input data, unfiltered or improperly filtered out special elements, resulting in system or product resolution or The explanation is wrong. Wrong way of interpreting. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Advisory ID: SYSS-2019-015 Product: R700 Laser Presentation Remote Manufacturer: Logitech Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM) Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM) Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345) Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification: 2019-04-12 Solution Date: - Public Disclosure: 2019-06-04 CVE Reference: CVE-2019-12506 Author of Advisory: Matthias Deeg (SySS GmbH)


Overview:

Logitech R700 Laser Presentation Remote is a wireless presenter using
2.4 GHz radio communication. By knowing
the used data protocol, it is possible to inject packets in the data
communication that are actually interpreted as keystrokes by the
receiver on the target system. 

The following output of the developed proof-of-concept software tool
illustrates a successful attack:

# python2 logitech_presenter.py -a 7F:20:9E:C2:07
        _____  ______ ___  _  _     _____  _                      _  
       |  __ \|  ____|__ \| || |   |  __ \| |                    | |     
  _ __ | |__) | |__     ) | || |_  | |__) | | __ _ _   _ ___  ___| |_       
 | '_ \|  _  /|  __|   / /|__   _| |  ___/| |/ _` | | | / __|/ _ \ __|    
 | | | | | \ \| |     / /_   | |   | |    | | (_| | |_| \__ \  __/ |_   
 |_| |_|_|  \_\_|    |____|  |_|   |_|    |_|\__,_|\__, |___/\___|\__|
                                                    __/ |             
                                                   |___/              
Logitech Wireless Presenter Attack Tool v1.0 by Matthias Deeg - SySS GmbH (c) 2016
[*] Configure nRF24 radio
[*] Actively searching for address 07:C2:9E:20:7F
[*] Ping success on channel 8
[*] Ping success on channel 8
[*] Press <CTRL+C> to start keystroke injection
^C
[*] Start keystroke injection ... 
[*] Done.

Solution:

SySS GmbH is not aware of a solution for this reported security vulnerability.


Disclosure Timeline:

2019-04-12: Vulnerability reported to manufacturer
2019-06-04: Public release of security advisory

References:

[1] Product website for Logitech R700 https://www.logitech.com/en-roeu/product/professional-presenter-r700 [2] Product website for Crazyradio PA https://www.bitcraze.io/crazyradio-pa/ [3] Bastille's nRF24 research firmware and tools https://github.com/BastilleResearch/nrf-research-firmware [4] SySS Security Advisory SYSS-2016-074 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-074.txt [5] SySS Security Advisory SYSS-2019-015 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt [6] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy/


Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH. 

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

Disclaimer:

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlz03CQACgkQ2aS/ajSt TauaVw/8CVXlyjP8Y1ngNcAzZzq+THJb5wRsjpe7bMdD3mEi3AQTxt9y+REQO95k xP+D2LvgCopG1k7opQ6iH+4nmgOmy2cYx9XhitBHTr/QZ6xKgCm/eTtNGMrTT2pF SS+/n/5dbPTwQk2VXi0py+QMxp+21u/vt/ftmQYPy2lMqcVftJ/G/ANzxUQEFy7D Nk/tNg6ev68JmarCKu0c0vDMghW8mnt1tQVe1yxjHs7zDYJVkUCwT/iHPbQ1Wbfq uJ5TAvZ/czMoSeGBl0H1vrPnU855MOjIwPJcrQJj9eMFdPilTir9svEw4+ngYxv8 55yMagHYPUUs/OiluPfSoXagw+f6bQZQi7YBhCMo3DVUFZbDij9r+kpijOMD8oEB b/76A8B+rfyjpzOm1A6eR3qFfTP65XXVZyd8+Rb7K/zyPoXoSS4WbMnpyGQ+BiWP 9VsrOshEeO3EqetVbgQURbzvs9FZjPRPBurF1y5ujrYksIs+LdQzoqlMR6r+EHTd Atzr10S6W7usTwtvl97luEteOrmjv2lgPpLz0R7bLhSyOJo+mCl75CunKDaWIyPm zTW+v5wWNcrEiTQyP/zmahkZO3YXKOqXlaLE9rs2Q2V9uuimenCR7MIoKHNLtKiv +lHVKdRMw2Cqmet/sTpRWSYGPnxm/DbxVyy8YUCZl/iDTyEQHAk= =8Kcd -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0254",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "r700 laser presentation remote",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": "wd802xm"
      },
      {
        "model": "r700 laser presentation remote",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": "wd904xm"
      },
      {
        "model": "r700 laser presentation remote",
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "r700 laser presentation remote r-r0010",
        "scope": null,
        "trust": 0.6,
        "vendor": "logitech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:logitech:r700_laser_presentation_remote_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthias Deeg",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153186"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2019-12506",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2019-12506",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2019-17495",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-144259",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-12506",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-12506",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-12506",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-17495",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-337",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-144259",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim\u0027s computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim\u0027s computer that is operated with an affected receiver of this device. The LogitechR700LaserPresentationRemoteR-R0010 is a wireless demonstration remote control from Logitech, Switzerland. An injection vulnerability exists in the LogitechR700LaserPresentationRemoteR-R0010. The vulnerability stems from the user\u0027s input of constructing commands, data structures, or records. The network system or product lacks proper verification of user input data, unfiltered or improperly filtered out special elements, resulting in system or product resolution or The explanation is wrong. Wrong way of interpreting. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2019-015\nProduct: R700 Laser Presentation Remote\nManufacturer: Logitech\nAffected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)\nTested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)\nVulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)\n                    Keystroke Injection Vulnerability\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2019-04-12\nSolution Date: -\nPublic Disclosure: 2019-06-04\nCVE Reference: CVE-2019-12506\nAuthor of Advisory: Matthias Deeg (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nLogitech R700 Laser Presentation Remote is a wireless presenter using\n2.4 GHz radio communication. By knowing\nthe used data protocol, it is possible to inject packets in the data\ncommunication that are actually interpreted as keystrokes by the\nreceiver on the target system. \n\nThe following output of the developed proof-of-concept software tool\nillustrates a successful attack:\n\n# python2 logitech_presenter.py -a 7F:20:9E:C2:07\n        _____  ______ ___  _  _     _____  _                      _  \n       |  __ \\|  ____|__ \\| || |   |  __ \\| |                    | |     \n  _ __ | |__) | |__     ) | || |_  | |__) | | __ _ _   _ ___  ___| |_       \n | \u0027_ \\|  _  /|  __|   / /|__   _| |  ___/| |/ _` | | | / __|/ _ \\ __|    \n | | | | | \\ \\| |     / /_   | |   | |    | | (_| | |_| \\__ \\  __/ |_   \n |_| |_|_|  \\_\\_|    |____|  |_|   |_|    |_|\\__,_|\\__, |___/\\___|\\__|\n                                                    __/ |             \n                                                   |___/              \nLogitech Wireless Presenter Attack Tool v1.0 by Matthias Deeg - SySS GmbH (c) 2016\n[*] Configure nRF24 radio\n[*] Actively searching for address 07:C2:9E:20:7F\n[*] Ping success on channel 8\n[*] Ping success on channel 8\n[*] Press \u003cCTRL+C\u003e to start keystroke injection\n^C\n[*] Start keystroke injection ... \n[*] Done. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-04-12: Vulnerability reported to manufacturer\n2019-06-04: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for Logitech R700\n    https://www.logitech.com/en-roeu/product/professional-presenter-r700\n[2] Product website for Crazyradio PA\n    https://www.bitcraze.io/crazyradio-pa/\n[3] Bastille\u0027s nRF24 research firmware and tools\n    https://github.com/BastilleResearch/nrf-research-firmware\n[4] SySS Security Advisory SYSS-2016-074\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-074.txt\n[5] SySS Security Advisory SYSS-2019-015\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt\n[6] SySS Responsible Disclosure Policy\n    https://www.syss.de/en/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Matthias Deeg of SySS GmbH. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\" \nand without warranty of any kind. Details of this security advisory may \nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web \nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlz03CQACgkQ2aS/ajSt\nTauaVw/8CVXlyjP8Y1ngNcAzZzq+THJb5wRsjpe7bMdD3mEi3AQTxt9y+REQO95k\nxP+D2LvgCopG1k7opQ6iH+4nmgOmy2cYx9XhitBHTr/QZ6xKgCm/eTtNGMrTT2pF\nSS+/n/5dbPTwQk2VXi0py+QMxp+21u/vt/ftmQYPy2lMqcVftJ/G/ANzxUQEFy7D\nNk/tNg6ev68JmarCKu0c0vDMghW8mnt1tQVe1yxjHs7zDYJVkUCwT/iHPbQ1Wbfq\nuJ5TAvZ/czMoSeGBl0H1vrPnU855MOjIwPJcrQJj9eMFdPilTir9svEw4+ngYxv8\n55yMagHYPUUs/OiluPfSoXagw+f6bQZQi7YBhCMo3DVUFZbDij9r+kpijOMD8oEB\nb/76A8B+rfyjpzOm1A6eR3qFfTP65XXVZyd8+Rb7K/zyPoXoSS4WbMnpyGQ+BiWP\n9VsrOshEeO3EqetVbgQURbzvs9FZjPRPBurF1y5ujrYksIs+LdQzoqlMR6r+EHTd\nAtzr10S6W7usTwtvl97luEteOrmjv2lgPpLz0R7bLhSyOJo+mCl75CunKDaWIyPm\nzTW+v5wWNcrEiTQyP/zmahkZO3YXKOqXlaLE9rs2Q2V9uuimenCR7MIoKHNLtKiv\n+lHVKdRMw2Cqmet/sTpRWSYGPnxm/DbxVyy8YUCZl/iDTyEQHAk=\n=8Kcd\n-----END PGP SIGNATURE-----\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "PACKETSTORM",
        "id": "153186"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-12506",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "153186",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "id": "VAR-201906-0254",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:06:10.997000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "R700 Laser Presentation Remote",
        "trust": 0.8,
        "url": "https://www.logicool.co.jp/ja-jp/product/professional-presenter-r700"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-74",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://packetstormsecurity.com/files/153186/logitech-r700-laser-presentation-remote-keystroke-injection.html"
      },
      {
        "trust": 2.3,
        "url": "https://seclists.org/bugtraq/2019/jun/4"
      },
      {
        "trust": 1.8,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-015.txt"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/jun/15"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12506"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12506"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/deed.en"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2016-074.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/en/responsible-disclosure-policy/"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.logitech.com/en-roeu/product/professional-presenter-r700"
      },
      {
        "trust": 0.1,
        "url": "https://www.bitcraze.io/crazyradio-pa/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/bastilleresearch/nrf-research-firmware"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "db": "PACKETSTORM",
        "id": "153186"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "date": "2019-06-04T21:00:26",
        "db": "PACKETSTORM",
        "id": "153186"
      },
      {
        "date": "2019-06-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "date": "2019-06-07T21:29:02.277000",
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144259"
      },
      {
        "date": "2019-06-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      },
      {
        "date": "2020-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      },
      {
        "date": "2024-11-21T04:22:59.737000",
        "db": "NVD",
        "id": "CVE-2019-12506"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Logitech R700 Laser Presentation Remote R-R0010 Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-17495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005412"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-337"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-12506 (GCVE-0-2019-12506)

CNVD-2019-17495

FKIE_CVE-2019-12506

GHSA-P39J-W96R-4XWQ

GSD-2019-12506

VAR-201906-0254

Tags

Sightings

Nomenclature