CVE-2016-6257

MEDIUM

Lenovo Ultraslim - RCE

Title source: llm

Description

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

Scores

CVSS v3 6.5
EPSS 0.0103
EPSS Percentile 77.1%
Attack Vector ADJACENT_NETWORK
CVSS Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE CWE-310
Status draft

Affected Products (5)

amazonbasics/firmware
dell/km714_firmware < 012.005.00028
dell/km632_firmware
logitech/unifying_firmware < 012.005.00028
lenovo/ultraslim_firmware

Timeline

Published Aug 02, 2016
Tracked Since Feb 18, 2026