CVE-2019-13054 — MEDIUM (6.5)

Vulnerability Description

The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Logitech	R500 Firmware	-
Logitech	R500	-

Related Weaknesses (CWE)

CWE-522

References

https://twitter.com/mame82/status/1143093313924452353ExploitThird Party Advisory
https://twitter.com/mame82/status/1143093313924452353ExploitThird Party Advisory

FAQ

What is CVE-2019-13054?

CVE-2019-13054 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restricti...

How severe is CVE-2019-13054?

CVE-2019-13054 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13054?

Check the references section above for vendor advisories and patch information. Affected products include: Logitech R500 Firmware, Logitech R500.