Vulnerability Note VU#981271
Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol
Wireless keyboard and mouse devices from multiple vendors use proprietary wireless protocols that are not properly secured.
CWE-311: Missing Encryption of Sensitive Data
Multiple wireless input devices (keyboard and mouse) use a proprietary wireless protocol on the 2.4 GHz ISM band that lacks proper encryption. An attacker within wireless transmission range can inject keystrokes or read keystroke data, or cause the victim's device to pair with a new input device. Wireless range on these models varies but is typically a few meters within a home.
An attacker within wireless transmission range can inject keystrokes on the victim's device, or cause the victim's device to pair with a new input device.
Update device firmware
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Logitech||Affected||-||26 Feb 2016|
|Amazon||Unknown||-||24 Feb 2016|
|Dell||Unknown||-||24 Feb 2016|
|HP Inc.||Unknown||-||24 Feb 2016|
|Lenovo||Unknown||-||24 Feb 2016|
|Microsoft Corporation||Unknown||-||24 Feb 2016|
|Tecknet||Unknown||01 Mar 2016||01 Mar 2016|
CVSS Metrics (Learn More)
Thanks to Marc Newlin of Bastille Threat Research Team for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: Unknown
- Date Public: 23 Feb 2016
- Date First Published: 24 Feb 2016
- Date Last Updated: 01 Mar 2016
- Document Revision: 30
If you have feedback, comments, or additional information about this vulnerability, please send us email.