{"vuid":"VU#981271","idnumber":"981271","name":"Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol","keywords":["wireless","encryption"],"overview":"Wireless keyboard and mouse devices from multiple vendors use proprietary wireless protocols that are not properly secured.","clean_desc":"CWE-311: Missing Encryption of Sensitive Data Multiple wireless input devices (keyboard and mouse) use a proprietary wireless protocol on the 2.4 GHz ISM band that lacks proper encryption. An attacker within wireless transmission range can inject keystrokes or read keystroke data, or cause the victim's device to pair with a new input device. Wireless range on these models varies but is typically a few meters within a home. The researchers have released a website as well as advisories with more details. This vulnerability does not impact Bluetooth devices.","impact":"An attacker within wireless transmission range can inject keystrokes on the victim's device, or cause the victim's device to pair with a new input device.","resolution":"Update device firmware According to the researcher, Logitech has released an updated firmware for their devices to address this issue. Please contact Logitech customer support for more information. Users of other models should consider individual use cases and threat models when using the devices until an update is available.","workarounds":"","sysaffected":"","thanks":"Thanks to \nMarc Newlin of Bastille Threat Research Team \nfor reporting this vulnerability.","author":"This document was written by Garret Wassermann.","public":["https://github.com/RFStorm/mousejack","https://github.com/RFStorm/mousejack/tree/master/doc/advisories","https://www.mousejack.com/","http://cwe.mitre.org/data/definitions/311.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2016-01-15T18:34:48Z","publicdate":"2016-02-23T00:00:00Z","datefirstpublished":"2016-02-24T23:40:01Z","dateupdated":"2016-03-01T22:12:10Z","revision":31,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"2.9","cvss_basevector":"AV:A/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"2.6","cvss_environmentalscore":"1.934487361296","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}