Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/14 | Mailing List Third Party Advisory |
https://seclists.org/bugtraq/2019/Jun/3 | Mailing List Third Party Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt | Third Party Advisory |
http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/14 | Mailing List Third Party Advisory |
https://seclists.org/bugtraq/2019/Jun/3 | Mailing List Third Party Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:22
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html - Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2019/Jun/14 - Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Jun/3 - Mailing List, Third Party Advisory | |
References | () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt - Third Party Advisory |
Information
Published : 2019-06-07 21:29
Updated : 2024-11-21 04:22
NVD link : CVE-2019-12504
Mitre link : CVE-2019-12504
CVE.ORG link : CVE-2019-12504
JSON object : View
Products Affected
inateck
- wp2002
- wp2002_firmware
CWE
CWE-319
Cleartext Transmission of Sensitive Information