Vulnerability-Lookup

CVE-2016-10761 (GCVE-0-2016-10761)

Vulnerability from cvelistv5 – Published: 2019-06-29 19:06 – Updated: 2024-08-06 03:38

Summary

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/BastilleResearch/mousejack/blo…	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/981271	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:38:55.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/981271"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-29T19:06:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/981271"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt",
              "refsource": "MISC",
              "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/981271",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/981271"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10761",
    "datePublished": "2019-06-29T19:06:11.000Z",
    "dateReserved": "2019-06-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:38:55.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-10761",
      "date": "2026-04-25",
      "epss": "0.00074",
      "percentile": "0.22311"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:k400r_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4A37A95-7710-404E-9172-3C18AD04967A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:logitech:k400r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4209735C-A144-4BDB-8C13-AE988DEEBE13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:k360_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"904E02E3-3B6B-454A-87AB-1EBCBA73421E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:logitech:k360:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06CBD49B-6708-4269-BC81-4F08E7C042EE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:k750_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86B9F603-4755-4E23-AAB5-FFCD59AE919A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:logitech:k750:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C80695A-ED9F-4C9A-BDB9-DE64BF385D51\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:k830_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB04029C-CDF0-439C-AA2C-27CD811CB81A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:logitech:k830:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"658D7100-E4B8-46A2-9C20-673464315437\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:unifying_receiver_firmware:012.001.00019:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36FC255B-DE69-4E72-9992-D03D32460C6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:logitech:unifying_receiver_firmware:012.003.00025:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52851742-C9B9-49F7-B3A2-E07A06E41278\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EED6C6A2-619D-4809-8E1F-23D77B94FB31\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.\"}, {\"lang\": \"es\", \"value\": \"Los dispositivos Logitech Unifying anteriores al 26-02-2016, permiten la inyecci\\u00f3n de pulsaciones de teclado (keystroke), omitiendo el cifrado, tambi\\u00e9n se conoce como MouseJack.\"}]",
      "id": "CVE-2016-10761",
      "lastModified": "2024-11-21T02:44:41.157",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-06-29T20:15:09.123",
      "references": "[{\"url\": \"https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/981271\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/981271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-10761\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-29T20:15:09.123\",\"lastModified\":\"2024-11-21T02:44:41.157\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Logitech Unifying anteriores al 26-02-2016, permiten la inyecci\u00f3n de pulsaciones de teclado (keystroke), omitiendo el cifrado, tambi\u00e9n se conoce como MouseJack.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:k400r_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A37A95-7710-404E-9172-3C18AD04967A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:k400r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4209735C-A144-4BDB-8C13-AE988DEEBE13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:k360_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"904E02E3-3B6B-454A-87AB-1EBCBA73421E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:k360:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06CBD49B-6708-4269-BC81-4F08E7C042EE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:k750_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86B9F603-4755-4E23-AAB5-FFCD59AE919A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:k750:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C80695A-ED9F-4C9A-BDB9-DE64BF385D51\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:k830_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB04029C-CDF0-439C-AA2C-27CD811CB81A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:k830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"658D7100-E4B8-46A2-9C20-673464315437\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:unifying_receiver_firmware:012.001.00019:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36FC255B-DE69-4E72-9992-D03D32460C6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:logitech:unifying_receiver_firmware:012.003.00025:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52851742-C9B9-49F7-B3A2-E07A06E41278\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EED6C6A2-619D-4809-8E1F-23D77B94FB31\"}]}]}],\"references\":[{\"url\":\"https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/981271\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/981271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

GSD-2016-10761

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

Aliases

CVE-2016-10761

Aliases

CVE-2016-10761

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-10761",
    "description": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.",
    "id": "GSD-2016-10761"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-10761"
      ],
      "details": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.",
      "id": "GSD-2016-10761",
      "modified": "2023-12-13T01:21:27.004920Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-10761",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt",
            "refsource": "MISC",
            "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/981271",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/981271"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k400r_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k400r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k360_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k360:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k750_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k750:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k830_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k830:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.001.00019:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.003.00025:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10761"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/981271",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.kb.cert.org/vuls/id/981271"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-07-08T14:47Z",
      "publishedDate": "2019-06-29T20:15Z"
    }
  }
}

VAR-201906-0701

Vulnerability from variot - Updated: 2023-12-18 14:05

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. Input devices such as wireless keyboards and mice provided by multiple developers use proprietary, unsafe wireless communication protocols. The problem of not encrypting sensitive data (CWE-311) Multiple wireless connection input devices ( Keyboard, mouse, etc. ) Is 2.4GHz band (ISM band ) It implements its own wireless communication protocol that uses, and there is a deficiency in communication encryption in this protocol. An attacker within range of wireless communication can send keystrokes to the user's device, intercept what is typed on the keyboard, or pair the user's device with another input device . The effective range of wireless communication varies depending on the device, but it is usually several meters for indoor use. CWE-311: Missing Encryption of Sensitive Data http://cwe.mitre.org/data/definitions/311.html Discoverers have released an advisory with more information and launched a website. Advisory https://github.com/RFStorm/mousejack/tree/master/doc/advisories website https://www.mousejack.com/An attacker within wireless range could enter keys on your device, intercept your keystrokes, or pair other input devices. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0701",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "k360",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k830",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k400r",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k750",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "unifying receiver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": "012.001.00019"
      },
      {
        "model": "unifying receiver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "logitech",
        "version": "012.003.00025"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k360",
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k400r",
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k750",
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "k830",
        "scope": null,
        "trust": 0.8,
        "vendor": "logitech",
        "version": null
      },
      {
        "model": "unifying receiver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "logitech",
        "version": "2016/02/26"
      },
      {
        "model": "",
        "scope": null,
        "trust": 0.8,
        "vendor": "multiple vendors",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k400r_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k400r:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k360_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k360:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k750_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k750:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:k830_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:k830:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.001.00019:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.003.00025:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      }
    ]
  },
  "cve": "CVE-2016-10761",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-10761",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.9,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-001515",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-89570",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-10761",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-10761",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-001515",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-1139",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-89570",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-10761",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. Input devices such as wireless keyboards and mice provided by multiple developers use proprietary, unsafe wireless communication protocols. The problem of not encrypting sensitive data (CWE-311) Multiple wireless connection input devices ( Keyboard, mouse, etc. ) Is 2.4GHz band (ISM band ) It implements its own wireless communication protocol that uses, and there is a deficiency in communication encryption in this protocol. An attacker within range of wireless communication can send keystrokes to the user\u0027s device, intercept what is typed on the keyboard, or pair the user\u0027s device with another input device . The effective range of wireless communication varies depending on the device, but it is usually several meters for indoor use. CWE-311: Missing Encryption of Sensitive Data http://cwe.mitre.org/data/definitions/311.html Discoverers have released an advisory with more information and launched a website. Advisory https://github.com/RFStorm/mousejack/tree/master/doc/advisories website https://www.mousejack.com/An attacker within wireless range could enter keys on your device, intercept your keystrokes, or pair other input devices. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#981271",
        "trust": 4.2
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU99797968",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-89570",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "id": "VAR-201906-0701",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:05:08.049000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.logitech.com/en-us"
      },
      {
        "title": "Mice and Pointing Devices",
        "trust": 0.8,
        "url": "http://forums.logitech.com/t5/mice-and-pointing-devices/logitech-response-to-unifying-receiver-research-findings/td-p/1493878"
      },
      {
        "title": "Logitech Unifying Fixes for device encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94232"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.kb.cert.org/vuls/id/981271"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/bastilleresearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/rfstorm/mousejack/tree/master/doc/advisories"
      },
      {
        "trust": 1.6,
        "url": "https://www.mousejack.com/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10761"
      },
      {
        "trust": 0.8,
        "url": "https://github.com/rfstorm/mousejack"
      },
      {
        "trust": 0.8,
        "url": "http://cwe.mitre.org/data/definitions/311.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10761"
      },
      {
        "trust": 0.8,
        "url": "https://www.kb.cert.org/vuls/id/981271/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu99797968"
      },
      {
        "trust": 0.8,
        "url": "https://www.bastille.net/affected-devices"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/74.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "date": "2019-06-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "date": "2019-06-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "date": "2016-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "date": "2019-06-29T20:15:09.123000",
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "date": "2019-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-01T00:00:00",
        "db": "CERT/CC",
        "id": "VU#981271"
      },
      {
        "date": "2019-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-89570"
      },
      {
        "date": "2019-07-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-10761"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "date": "2016-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001515"
      },
      {
        "date": "2019-07-08T14:47:37.927000",
        "db": "NVD",
        "id": "CVE-2016-10761"
      },
      {
        "date": "2019-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Logitech Unifying Device injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009358"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-1139"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-10761

Vulnerability from fkie_nvd - Published: 2019-06-29 20:15 - Updated: 2024-11-21 02:44

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

References

URL	Tags
cve@mitre.org	https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt	Third Party Advisory
cve@mitre.org	https://www.kb.cert.org/vuls/id/981271	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/981271	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
logitech	k400r_firmware	-
logitech	k400r	-
logitech	k360_firmware	-
logitech	k360	-
logitech	k750_firmware	-
logitech	k750	-
logitech	k830_firmware	-
logitech	k830	-
logitech	unifying_receiver_firmware	012.001.00019
logitech	unifying_receiver_firmware	012.003.00025
logitech	unifying_receiver	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:k400r_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4A37A95-7710-404E-9172-3C18AD04967A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:k400r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4209735C-A144-4BDB-8C13-AE988DEEBE13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:k360_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "904E02E3-3B6B-454A-87AB-1EBCBA73421E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:k360:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CBD49B-6708-4269-BC81-4F08E7C042EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:k750_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B9F603-4755-4E23-AAB5-FFCD59AE919A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:k750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C80695A-ED9F-4C9A-BDB9-DE64BF385D51",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:k830_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB04029C-CDF0-439C-AA2C-27CD811CB81A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:k830:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "658D7100-E4B8-46A2-9C20-673464315437",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.001.00019:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FC255B-DE69-4E72-9992-D03D32460C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:logitech:unifying_receiver_firmware:012.003.00025:*:*:*:*:*:*:*",
              "matchCriteriaId": "52851742-C9B9-49F7-B3A2-E07A06E41278",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED6C6A2-619D-4809-8E1F-23D77B94FB31",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Logitech Unifying anteriores al 26-02-2016, permiten la inyecci\u00f3n de pulsaciones de teclado (keystroke), omitiendo el cifrado, tambi\u00e9n se conoce como MouseJack."
    }
  ],
  "id": "CVE-2016-10761",
  "lastModified": "2024-11-21T02:44:41.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-29T20:15:09.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/981271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/981271"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-34835

Vulnerability from cnvd - Published: 2019-10-12

Title

Logitech Unifying设备注入漏洞（CNVD-2019-34835）

Description

Logitech Unifying是瑞士罗技（Logitech）公司的一款USB型信号接收器。 Logitech Unifying设备存在注入漏洞。目前暂无详细的漏洞细节提供。

Severity

低

Patch Name

Logitech Unifying设备注入漏洞（CNVD-2019-34835）的补丁

Patch Description

Logitech Unifying是瑞士罗技（Logitech）公司的一款USB型信号接收器。 Logitech Unifying设备存在注入漏洞。目前暂无详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.logitech.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2016-10761

Impacted products

Name
Logitech Logitech Unifying <2016/2/26

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10761",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2016-10761"
    }
  },
  "description": "Logitech Unifying\u662f\u745e\u58eb\u7f57\u6280\uff08Logitech\uff09\u516c\u53f8\u7684\u4e00\u6b3eUSB\u578b\u4fe1\u53f7\u63a5\u6536\u5668\u3002\n\nLogitech Unifying\u8bbe\u5907\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "discovererName": "Marc Newlin",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.logitech.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-34835",
  "openTime": "2019-10-12",
  "patchDescription": "Logitech Unifying\u662f\u745e\u58eb\u7f57\u6280\uff08Logitech\uff09\u516c\u53f8\u7684\u4e00\u6b3eUSB\u578b\u4fe1\u53f7\u63a5\u6536\u5668\u3002\r\n\r\nLogitech Unifying\u8bbe\u5907\u5b58\u5728\u6ce8\u5165\u6f0f\u6d1e\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Logitech Unifying\u8bbe\u5907\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-34835\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Logitech Logitech Unifying \u003c2016/2/26"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10761",
  "serverity": "\u4f4e",
  "submitTime": "2019-07-02",
  "title": "Logitech Unifying\u8bbe\u5907\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2019-34835\uff09"
}

GHSA-XGPH-V3CH-CHMG

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2024-04-04 01:06

Details

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-10761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-29T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.",
  "id": "GHSA-xgph-v3ch-chmg",
  "modified": "2024-04-04T01:06:23Z",
  "published": "2022-05-24T16:49:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10761"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/981271"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-10761 (GCVE-0-2016-10761)

GSD-2016-10761

VAR-201906-0701

FKIE_CVE-2016-10761

CNVD-2019-34835

GHSA-XGPH-V3CH-CHMG

Tags

Sightings

Nomenclature