CVE-2019-13055
https://notcve.org/view.php?id=CVE-2019-13055
Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. Algunos dispositivos Logitech Unifying, permiten a los atacantes volcar claves y direcciones AES, conllevando a la capacidad de descifrado en tiempo real de las transmisiones de radiofrecuencia, como es demostrado por un ataque contra un teclado Logitech K360. • https://www.youtube.com/watch?v=5z_PEZ5PyeA • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-10761
https://notcve.org/view.php?id=CVE-2016-10761
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. Los dispositivos Logitech Unifying anteriores al 26-02-2016, permiten la inyección de pulsaciones de teclado (keystroke), omitiendo el cifrado, también se conoce como MouseJack. • https://github.com/BastilleResearch/mousejack/blob/master/doc/advisories/bastille-2.logitech.public.txt https://www.kb.cert.org/vuls/id/981271 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •