Login Sign Up

CVE-2019-9835

9.6 CRITICAL

📋 TL;DR

This vulnerability allows attackers to inject keystrokes into Fujitsu Wireless Keyboard Set LX901 GK900 devices by sending unencrypted 2.4 GHz packets that the receiver accepts despite legitimate communication using AES encryption. This affects users of these specific wireless keyboard sets, allowing attackers within wireless range to execute arbitrary commands on connected systems.

💻 Affected Systems

Products:
  • Fujitsu Wireless Keyboard Set LX901 GK900
Versions: All versions prior to firmware fix
Operating Systems: Any OS using the affected keyboard receiver
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the wireless receiver/bridge component that accepts unencrypted packets despite AES being used for legitimate communication.

📦 What is this software?

Gk900 Firmware by Fujitsu

View all CVEs affecting Gk900 Firmware →

Lx901 Firmware by Fujitsu

View all CVEs affecting Lx901 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary command execution, data theft, malware installation, or lateral movement within the network.

🟠

Likely Case

Local privilege escalation, credential theft, or installation of backdoors on affected systems within wireless range.

🟢

If Mitigated

Limited impact if devices are physically secured, wireless range is controlled, or systems have additional authentication layers.

🌐 Internet-Facing: LOW - Requires physical proximity to wireless receiver (typically within 10 meters).
🏢 Internal Only: HIGH - Attackers within physical premises can exploit without network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires proximity to wireless receiver and ability to transmit on 2.4 GHz frequency. No authentication or special privileges needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

Contact Fujitsu support for firmware updates or replacement options. No official patch documentation available.

🔧 Temporary Workarounds

Physical Isolation

all

Place wireless receiver in physically secure location with limited wireless range

Replace with Wired Keyboard

all

Replace vulnerable wireless keyboard with wired alternative

🧯 If You Can't Patch

  • Deploy in physically secure environments with controlled access
  • Implement additional authentication layers on connected systems
  • Monitor for unusual keyboard activity or unexpected commands
  • Consider using USB port blockers when not in use

🔍 How to Verify

Check if Vulnerable:

Check device model number (LX901 GK900) and test with wireless packet analyzer for unencrypted packet acceptance

Check Version:

No standard command - check device labeling or firmware via manufacturer tools

Verify Fix Applied:

Test with wireless security tools to confirm only encrypted packets are accepted

📡 Detection & Monitoring

Log Indicators:

  • Unexpected command execution, rapid keystroke sequences, or administrative commands from non-privileged sessions

Network Indicators:

  • 2.4 GHz wireless traffic patterns inconsistent with normal keyboard usage

SIEM Query:

Search for: (rapid keyboard input) OR (unexpected administrative commands) OR (suspicious timing of keyboard events)

📊 Metadata

CVE ID: CVE-2019-9835
CVSS v3 Score: 9.6 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Published: March 15, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON