Vulnerability Description
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inateck | Bcst-60 Firmware | - |
| Inateck | Bcst-60 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155503/Inateck-BCST-60-Barcode-Scanner-Keys (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Nov/30 (Mailing List, Third Party Advisory)
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-027.t (Broken Link, Third Party Advisory)
FAQ
What is CVE-2019-12503?
CVE-2019-12503 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes ...
How severe is CVE-2019-12503?
CVE-2019-12503 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-12503?
Check the references section above for vendor advisories and patch information. Affected products include: Inateck Bcst-60 Firmware, Inateck Bcst-60.