Vulnerability Details CVE-2022-35860
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.5%
CVSS Severity
CVSS v3 Score 6.8
References
- http://kth.diva-portal.org/smash/get/diva2:1701492/FULLTEXT01.pdf
- http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1701492&dswid=-3616
- https://www.corsair.com/us/en/Categories/Products/Gaming-Keyboards/Wireless-Keyboards/K63-Wireless-Mechanical-Gaming-Keyboard-%E2%80%94-Blue-LED-%E2%80%94-CHERRY%C2%AE-MX-Red/p/CH-9145030-NA
- http://kth.diva-portal.org/smash/get/diva2:1701492/FULLTEXT01.pdf
- http://kth.diva-portal.org/smash/record.jsf?pid=diva2%3A1701492&dswid=-3616
- https://www.corsair.com/us/en/Categories/Products/Gaming-Keyboards/Wireless-Keyboards/K63-Wireless-Mechanical-Gaming-Keyboard-%E2%80%94-Blue-LED-%E2%80%94-CHERRY%C2%AE-MX-Red/p/CH-9145030-NA
Products affected by CVE-2022-35860
-
cpe:2.3:h:corsair:k63:-
-
cpe:2.3:o:corsair:k63_firmware:3.1.3