CVE-2022-35860: n/a in n/a
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
AI Analysis
Technical Summary
CVE-2022-35860 is a vulnerability affecting the Corsair K63 Wireless keyboard, specifically version 3.1.3. The core issue is the absence of AES encryption on the 2.4 GHz radio transmissions between the keyboard and its receiver. This lack of encryption allows an attacker who is physically near the victim to intercept (sniff) and inject keystrokes over the wireless communication channel. The vulnerability is classified under CWE-311, which relates to the failure to encrypt sensitive data. Without encryption, the wireless signals carrying keystroke data are transmitted in cleartext or with insufficient protection, making it feasible for an attacker with specialized radio equipment to capture sensitive information such as passwords, confidential messages, or other typed data. Additionally, the attacker can inject malicious keystrokes, potentially leading to unauthorized commands or actions on the victim's system. The CVSS 3.1 base score is 6.8 (medium severity), with the vector indicating that the attack requires adjacent network access (physically proximate), high attack complexity, no privileges required, no user interaction, unchanged scope, and high impact on confidentiality and integrity but no impact on availability. No patches or fixes are currently linked, and no known exploits are reported in the wild. This vulnerability highlights the risks of wireless input devices that do not implement strong encryption, especially in environments where physical proximity to the target device is possible.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data confidentiality and integrity, particularly in environments where sensitive information is typed on vulnerable Corsair K63 Wireless keyboards. Sectors such as finance, government, healthcare, and critical infrastructure could be targeted to capture credentials, intellectual property, or confidential communications. The physical proximity requirement limits remote exploitation but does not eliminate risk in shared office spaces, public areas, or during travel. The ability to inject keystrokes also raises concerns about unauthorized command execution, potentially leading to further compromise or data manipulation. Given the widespread use of wireless peripherals in modern workplaces, this vulnerability could facilitate espionage or insider threat activities if exploited. The absence of encryption undermines trust in wireless input devices and may necessitate additional security controls to protect sensitive environments.
Mitigation Recommendations
Organizations should immediately assess the deployment of Corsair K63 Wireless keyboards, especially version 3.1.3, and consider replacing them with models that implement strong encryption on wireless communications. Until a vendor patch is available, physical security controls should be enhanced to restrict attacker proximity, such as securing workspaces and limiting access to areas where vulnerable devices are used. Network segmentation and monitoring for unusual input device behavior can help detect potential injection attempts. Employing endpoint security solutions that can detect anomalous keystroke patterns or unauthorized input device activity may provide additional protection. Users should be trained to recognize suspicious behavior and report anomalies. Where possible, switching to wired keyboards or wireless devices with proven encryption standards is recommended. Finally, organizations should monitor vendor communications for updates or patches addressing this vulnerability and apply them promptly once available.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium, Sweden, Finland
CVE-2022-35860: n/a in n/a
Description
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
AI-Powered Analysis
Technical Analysis
CVE-2022-35860 is a vulnerability affecting the Corsair K63 Wireless keyboard, specifically version 3.1.3. The core issue is the absence of AES encryption on the 2.4 GHz radio transmissions between the keyboard and its receiver. This lack of encryption allows an attacker who is physically near the victim to intercept (sniff) and inject keystrokes over the wireless communication channel. The vulnerability is classified under CWE-311, which relates to the failure to encrypt sensitive data. Without encryption, the wireless signals carrying keystroke data are transmitted in cleartext or with insufficient protection, making it feasible for an attacker with specialized radio equipment to capture sensitive information such as passwords, confidential messages, or other typed data. Additionally, the attacker can inject malicious keystrokes, potentially leading to unauthorized commands or actions on the victim's system. The CVSS 3.1 base score is 6.8 (medium severity), with the vector indicating that the attack requires adjacent network access (physically proximate), high attack complexity, no privileges required, no user interaction, unchanged scope, and high impact on confidentiality and integrity but no impact on availability. No patches or fixes are currently linked, and no known exploits are reported in the wild. This vulnerability highlights the risks of wireless input devices that do not implement strong encryption, especially in environments where physical proximity to the target device is possible.
Potential Impact
For European organizations, this vulnerability poses a significant risk to data confidentiality and integrity, particularly in environments where sensitive information is typed on vulnerable Corsair K63 Wireless keyboards. Sectors such as finance, government, healthcare, and critical infrastructure could be targeted to capture credentials, intellectual property, or confidential communications. The physical proximity requirement limits remote exploitation but does not eliminate risk in shared office spaces, public areas, or during travel. The ability to inject keystrokes also raises concerns about unauthorized command execution, potentially leading to further compromise or data manipulation. Given the widespread use of wireless peripherals in modern workplaces, this vulnerability could facilitate espionage or insider threat activities if exploited. The absence of encryption undermines trust in wireless input devices and may necessitate additional security controls to protect sensitive environments.
Mitigation Recommendations
Organizations should immediately assess the deployment of Corsair K63 Wireless keyboards, especially version 3.1.3, and consider replacing them with models that implement strong encryption on wireless communications. Until a vendor patch is available, physical security controls should be enhanced to restrict attacker proximity, such as securing workspaces and limiting access to areas where vulnerable devices are used. Network segmentation and monitoring for unusual input device behavior can help detect potential injection attempts. Employing endpoint security solutions that can detect anomalous keystroke patterns or unauthorized input device activity may provide additional protection. Users should be trained to recognize suspicious behavior and report anomalies. Where possible, switching to wired keyboards or wireless devices with proven encryption standards is recommended. Finally, organizations should monitor vendor communications for updates or patches addressing this vulnerability and apply them promptly once available.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-07-13T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9817c4522896dcbd79f6
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/5/2025, 2:39:55 AM
Last updated: 8/15/2025, 7:14:58 AM
Views: 13
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.