CVE-2019-9835 — CRITICAL (9.6)

Vulnerability Description

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption.

CVSS Score

9.6

CRITICAL

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fujitsu	Lx901 Firmware	-
Fujitsu	Lx901	-
Fujitsu	Gk900 Firmware	-
Fujitsu	Gk900	-

References

http://www.securityfocus.com/bid/107440
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.tExploitThird Party Advisory
http://www.securityfocus.com/bid/107440
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.tExploitThird Party Advisory

FAQ

What is CVE-2019-9835?

CVE-2019-9835 is a vulnerability with a CVSS score of 9.6 (CRITICAL). The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitim...

How severe is CVE-2019-9835?

CVE-2019-9835 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-9835?

Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu Lx901 Firmware, Fujitsu Lx901, Fujitsu Gk900 Firmware, Fujitsu Gk900.