CVE-2022-35860

MEDIUM

Corsair K63 Wireless <3.1.3 - Info Disclosure

Title source: llm

Description

Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.

References (3)

[Exploit, Third Party Advisory] http://kth.diva-portal.org/smash/get/diva2:1701492/FULLTEXT01.pdf

[Third Party Advisory] http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1701492&dswid=-3616

[Product, Vendor Advisory] https://www.corsair.com/us/en/Categories/Products/Gaming-Keyboards/Wireless-Keyboards/K63-Wireless-Mechanical-Gaming-Keyboard-%E2%80%94-Blue-LED-%E2%80%94-CHERRY%C2%AE-MX-Red/p/CH-9145030-NA

Scores

CVSS v3 6.8

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-311

Status published

Products (1)

corsair/k63_firmware 3.1.3

Published Oct 19, 2022

Tracked Since Feb 18, 2026