CVE-2019-18201

HIGH

Fujitsu LX390 Firmware - Cleartext Transmission of Sensitive Information via 2.4 GHz Communication

Title source: llm

Description

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, an attacker is able to eavesdrop on sensitive data such as passwords.

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-010.txt

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/154955/Fujitsu-Wireless-Keyboard-Set-LX390-Missing-Encryption.html

Third Party Advisory x_refsource_misc

https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/

Scores

CVSS v3 7.5

EPSS 0.0123

EPSS Percentile 64.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-319

Status published

Products (1)

fujitsu/lx390_firmware

Published Oct 24, 2019

Tracked Since Feb 18, 2026