CVE-2019-13054
MEDIUMLogitech R500 Firmware - Insufficiently Protected Credentials Leading to Keystroke Injection
Title source: llmDescription
The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/mame82/status/1143093313924452353
Scores
CVSS v3
6.5
EPSS
0.0085
EPSS Percentile
53.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-522
Status
published
Products (1)
logitech/r500_firmware
Published
Jun 29, 2019
Tracked Since
Feb 18, 2026