CVE-2019-13054 Information

Description

The Logitech R500 presentation clicker allows attackers to determine the AES key leading to keystroke injection. On Windows any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://twitter.com/mame82/status/1143093313924452353

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5