CVE-2023-48034

MEDIUM

Acer SK-9662 Firmware - Inadequate Encryption Strength

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-48034. PoCs published by aprkr.

AI-analyzed exploit summary This repository contains a functional Python script that demonstrates the brute-force decryption of Acer Wireless Keyboard SK-9662 keystrokes due to weak AES encryption (1-byte key). The exploit captures encrypted packets and decrypts them by brute-forcing the 256 possible keys.

Description

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.

Exploits (1)

nomisec WORKING POC 1 stars

by aprkr · poc

https://github.com/aprkr/CVE-2023-48034

View Code ZIP pw:eip

This repository contains a functional Python script that demonstrates the brute-force decryption of Acer Wireless Keyboard SK-9662 keystrokes due to weak AES encryption (1-byte key). The exploit captures encrypted packets and decrypts them by brute-forcing the 256 possible keys.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Acer Wireless Keyboard SK-9662 (FCC ID: H4IKB9662)

No auth needed

Prerequisites: Physical proximity to the target keyboard · 2.4 GHz radio capture capability

MITRE ATT&CK

T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/aprkr/CVE-2023-48034

Scores

CVSS v3 6.1

EPSS 0.0025

EPSS Percentile 15.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-326

Status published

Products (1)

acer/sk-9662_firmware

Published Nov 27, 2023

Tracked Since Feb 18, 2026