Vulnerability Description
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
CVSS Score
6.8
MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Corsair | K63 Firmware | 3.1.3 |
| Corsair | K63 | - |
Related Weaknesses (CWE)
References
- http://kth.diva-portal.org/smash/get/diva2:1701492/FULLTEXT01.pdfExploitThird Party Advisory
- http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1701492&dswid=-3616Third Party Advisory
- https://www.corsair.com/us/en/Categories/Products/Gaming-Keyboards/Wireless-KeybProductVendor Advisory
- http://kth.diva-portal.org/smash/get/diva2:1701492/FULLTEXT01.pdfExploitThird Party Advisory
- http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1701492&dswid=-3616Third Party Advisory
- https://www.corsair.com/us/en/Categories/Products/Gaming-Keyboards/Wireless-KeybProductVendor Advisory
FAQ
What is CVE-2022-35860?
CVE-2022-35860 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
How severe is CVE-2022-35860?
CVE-2022-35860 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35860?
Check the references section above for vendor advisories and patch information. Affected products include: Corsair K63 Firmware, Corsair K63.