3.3
CVSSv2

CVE-2019-13052

Published: 29/06/2019 Updated: 08/07/2019
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed.

Vulnerability Trend

Affected Products

Vendor Product Versions
LogitechUnifying Receiver Firmware-

Github Repositories

Unifying disclosure repo This repository was accessed by a restricted group of reviewers before beeing opened to public (including Logitech staff) The content is mostly left untouched Most subfolders contain a dedicated README file This repo will be used to discuss recent vulnerabilities in Logitech Unifying technology, as well to share and discuss related proof-of-concept co

LOGITacker README is still under construction LOGITacker is a hardware tool to enumerate and test vulnerabilities of Logitech Wireless Input devices via RF In contrast to available tooling, it is designed as stand-alone tool This means not only the low level RF part, but also the application part is running on dedicated hardware, which could provides Command Line Interface (C

munifying by Marcus Mengs The tool munifying could be used to interact with Logitech receivers from USB end It was developed during vulnerability research and is provided as-is The main purpose is to demo extraction of AES link encryption keys and device RF addresses from the dongle via USB (CVE-2019-13054 and CVE-2019-13055) or at least support re-pairing of devices, which a

LOGITacker README is still under construction LOGITacker is a hardware tool to enumerate and test vulnerabilities of Logitech Wireless Input devices via RF In contrast to available tooling, it is designed as stand-alone tool This means not only the low level RF part, but also the application part is running on dedicated hardware, which could provides Command Line Interface (C

Recent Articles

Logitech Unifying Receivers Vulnerable to Key Injection Attacks
BleepingComputer • Sergiu Gatlan • 09 Jul 2019

Image: MiNe / Editing: BleepingComputer
Four new vulnerabilities were found to affect all Logitech's Unifying USB receivers that allow users to connect up to six different compatible Logitech wireless presentation remotes, mice, and keyboards to the same computer via a 2.4 GHz radio connection.
Security researcher Marcus Mengs discovered that the flaws are caused by Logitech dongles' outdated firmware and that they allow attackers with physical access to their targets' compute...