CVE-2016-6257 in Ultraslim Dongleinfo

Summary

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

07/20/2016

Disclosure

08/02/2016

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-310

CVSS

6.5

EPSS

0.01034

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6257
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6257
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6257/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!