CVE-2019-18201

Current Description

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

Basic Data

PublishedOctober 24, 2019
Last ModifiedNovember 01, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-311
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSFujitsuLx390 Firmware-*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareFujitsuLx390gk381*******

Vulnerable Software List

VendorProductVersions
Fujitsu Lx390 Firmware -

References

NameSourceURLTags
http://packetstormsecurity.com/files/154955/Fujitsu-Wireless-Keyboard-Set-LX390-Missing-Encryption.htmlhttp://packetstormsecurity.com/files/154955/Fujitsu-Wireless-Keyboard-Set-LX390-Missing-Encryption.hMISCExploit Third Party Advisory VDB Entry
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-010.txthttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-010.txtMISCExploit Third Party Advisory
https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-iMISCThird Party Advisory