Vulnerability Details : CVE-2019-12506
Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
Products affected by CVE-2019-12506
- cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd802xm:*:*:*:*:*:*:*
- cpe:2.3:o:logitech:r700_laser_presentation_remote_firmware:wd904xm:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-12506
- 0.21%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-12506
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3 | HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C | 6.5 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2019-12506
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
- The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-12506
- http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html
  Logitech R700 Laser Presentation Remote Keystroke Injection ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt
  (Exploit; Third Party Advisory)
- https://seclists.org/bugtraq/2019/Jun/4
  Bugtraq: [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability (Mailing List; Third Party Advisory; Exploit)
- http://seclists.org/fulldisclosure/2019/Jun/15
  Full Disclosure: [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability