CVE-2016-6257

First published: Tue Aug 02 2016(Updated: )

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/weakness
• agent/author
• agent/severity
• agent/references
• agent/type
• agent/event
• agent/description
• agent/tags
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• vendor/amazonbasics
• canonical/amazonbasics firmware
• canonical/amazonbasics usb dongle
• canonical/amazonbasics wireless keyboard
• vendor/dell
• canonical/dell km714 firmware
• version/dell km714 firmware/012.005.00028
• canonical/dell km714 dongle
• canonical/dell km714 wireless keyboard
• canonical/dell km632 firmware
• canonical/dell km632 dongle
• canonical/dell km632 wireless keyboard
• vendor/logitech
• canonical/logitech unifying firmware
• version/logitech unifying firmware/012.005.00028
• version/logitech unifying firmware/024.003.00027
• canonical/logitech unifying dongle
• vendor/lenovo
• canonical/lenovo ultraslim firmware
• canonical/lenovo ultraslim dongle
• canonical/lenovo ultraslim wireless keyboard