Sign-up

ID

VAR-201906-0701


CVE

CVE-2016-10761


TITLE

Logitech Unifying Device injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2016-009358 // CNNVD: CNNVD-201906-1139

DESCRIPTION

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. Input devices such as wireless keyboards and mice provided by multiple developers use proprietary, unsafe wireless communication protocols. The problem of not encrypting sensitive data (CWE-311) Multiple wireless connection input devices ( Keyboard, mouse, etc. ) Is 2.4GHz band (ISM band ) It implements its own wireless communication protocol that uses, and there is a deficiency in communication encryption in this protocol. An attacker within range of wireless communication can send keystrokes to the user's device, intercept what is typed on the keyboard, or pair the user's device with another input device . The effective range of wireless communication varies depending on the device, but it is usually several meters for indoor use. CWE-311: Missing Encryption of Sensitive Data http://cwe.mitre.org/data/definitions/311.html Discoverers have released an advisory with more information and launched a website. Advisory https://github.com/RFStorm/mousejack/tree/master/doc/advisories website https://www.mousejack.com/An attacker within wireless range could enter keys on your device, intercept your keystrokes, or pair other input devices. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting

Trust: 3.24

sources: NVD: CVE-2016-10761 // CERT/CC: VU#981271 // JVNDB: JVNDB-2016-009358 // JVNDB: JVNDB-2016-001515 // VULHUB: VHN-89570 // VULMON: CVE-2016-10761

AFFECTED PRODUCTS

vendor:logitechmodel:k750scope:eqversion: -

Trust: 1.0

vendor:logitechmodel:k360scope:eqversion: -

Trust: 1.0

vendor:logitechmodel:unifying receiverscope:eqversion:012.001.00019

Trust: 1.0

vendor:logitechmodel:unifying receiverscope:eqversion:012.003.00025

Trust: 1.0

vendor:logitechmodel:k830scope:eqversion: -

Trust: 1.0

vendor:logitechmodel:k400rscope:eqversion: -

Trust: 1.0

vendor:logitechmodel: - scope: - version: -

Trust: 0.8

vendor:logitechmodel:k360scope: - version: -

Trust: 0.8

vendor:logitechmodel:k400rscope: - version: -

Trust: 0.8

vendor:logitechmodel:k750scope: - version: -

Trust: 0.8

vendor:logitechmodel:k830scope: - version: -

Trust: 0.8

vendor:logitechmodel:unifying receiverscope:eqversion:2016/02/26

Trust: 0.8

vendor:multiple vendorsmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#981271 // JVNDB: JVNDB-2016-009358 // JVNDB: JVNDB-2016-001515 // NVD: CVE-2016-10761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10761
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10761
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2016-001515
value: LOW

Trust: 0.8

CNNVD: CNNVD-201906-1139
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89570
value: LOW

Trust: 0.1

VULMON: CVE-2016-10761
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-10761
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

IPA: JVNDB-2016-001515
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-89570
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10761
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89570 // VULMON: CVE-2016-10761 // JVNDB: JVNDB-2016-009358 // JVNDB: JVNDB-2016-001515 // CNNVD: CNNVD-201906-1139 // NVD: CVE-2016-10761

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-89570 // JVNDB: JVNDB-2016-009358 // JVNDB: JVNDB-2016-001515 // NVD: CVE-2016-10761

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-1139

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-1139

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-009358

PATCH
title:Top Pageurl:https://www.logitech.com/en-us
Trust: 0.8
title:Mice and Pointing Devicesurl:http://forums.logitech.com/t5/Mice-and-Pointing-Devices/Logitech-Response-to-Unifying-Receiver-Research-Findings/td-p/1493878
Trust: 0.8
title:Logitech Unifying Fixes for device encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94232
Trust: 0.6
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-10761 // 
            
            
            
            JVNDB: JVNDB-2016-009358 // 
            
            
            
            JVNDB: JVNDB-2016-001515 // 
            
            
            
            CNNVD: CNNVD-201906-1139

EXTERNAL IDS
db:CERT/CCid:VU#981271
Trust: 4.2
db:NVDid:CVE-2016-10761
Trust: 2.6
db:JVNDBid:JVNDB-2016-009358
Trust: 0.8
db:JVNid:JVNVU99797968
Trust: 0.8
db:JVNDBid:JVNDB-2016-001515
Trust: 0.8
db:CNNVDid:CNNVD-201906-1139
Trust: 0.7
db:VULHUBid:VHN-89570
Trust: 0.1
db:VULMONid:CVE-2016-10761
Trust: 0.1
sources:
            
            
            CERT/CC: VU#981271 // 
            
            
            
            VULHUB: VHN-89570 // 
            
            
            
            VULMON: CVE-2016-10761 // 
            
            
            
            JVNDB: JVNDB-2016-009358 // 
            
            
            
            JVNDB: JVNDB-2016-001515 // 
            
            
            
            CNNVD: CNNVD-201906-1139 // 
            
            
            
            NVD: CVE-2016-10761

REFERENCES
url:https://www.kb.cert.org/vuls/id/981271
Trust: 2.6
url:https://github.com/bastilleresearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt
Trust: 1.8
url:https://github.com/rfstorm/mousejack/tree/master/doc/advisories
Trust: 1.6
url:https://www.mousejack.com/
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2016-10761
Trust: 1.4
url:https://github.com/rfstorm/mousejack
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/311.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10761
Trust: 0.8
url:https://www.kb.cert.org/vuls/id/981271/
Trust: 0.8
url:http://jvn.jp/cert/jvnvu99797968
Trust: 0.8
url:https://www.bastille.net/affected-devices
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/74.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#981271 // 
            
            
            
            VULHUB: VHN-89570 // 
            
            
            
            VULMON: CVE-2016-10761 // 
            
            
            
            JVNDB: JVNDB-2016-009358 // 
            
            
            
            JVNDB: JVNDB-2016-001515 // 
            
            
            
            CNNVD: CNNVD-201906-1139 // 
            
            
            
            NVD: CVE-2016-10761

SOURCES
db:CERT/CCid:VU#981271
db:VULHUBid:VHN-89570
db:VULMONid:CVE-2016-10761
db:JVNDBid:JVNDB-2016-009358
db:JVNDBid:JVNDB-2016-001515
db:CNNVDid:CNNVD-201906-1139
db:NVDid:CVE-2016-10761

LAST UPDATE DATE
2024-11-23T22:33:50.622000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#981271date:2016-03-01T00:00:00
db:VULHUBid:VHN-89570date:2019-07-08T00:00:00
db:VULMONid:CVE-2016-10761date:2019-07-08T00:00:00
db:JVNDBid:JVNDB-2016-009358date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2016-001515date:2016-02-26T00:00:00
db:CNNVDid:CNNVD-201906-1139date:2019-07-10T00:00:00
db:NVDid:CVE-2016-10761date:2024-11-21T02:44:41.157

SOURCES RELEASE DATE
db:CERT/CCid:VU#981271date:2016-02-24T00:00:00
db:VULHUBid:VHN-89570date:2019-06-29T00:00:00
db:VULMONid:CVE-2016-10761date:2019-06-29T00:00:00
db:JVNDBid:JVNDB-2016-009358date:2019-07-09T00:00:00
db:JVNDBid:JVNDB-2016-001515date:2016-02-26T00:00:00
db:CNNVDid:CNNVD-201906-1139date:2019-06-29T00:00:00
db:NVDid:CVE-2016-10761date:2019-06-29T20:15:09.123