CVE-2022-46338: n/a in n/a
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
AI Analysis
Technical Summary
CVE-2022-46338 is a medium-severity vulnerability affecting the g810-led 0.4.2 software, which is a LED configuration tool designed for Logitech Gx10 series keyboards. The vulnerability arises from an insecure udev rule included in the software package. Specifically, the udev rule sets device nodes associated with supported Logitech keyboards to be world-readable and writable. This misconfiguration allows any process running on the affected system to access these device nodes without restriction. Consequently, malicious or unauthorized processes can intercept keyboard traffic, potentially capturing sensitive data such as keystrokes, passwords, or other confidential input. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating that the permissions on critical device files are overly permissive. The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact is primarily on confidentiality (high), with no impact on integrity or availability. There are no known exploits in the wild, and no patches or vendor advisories have been linked. The vulnerability affects Linux systems where g810-led 0.4.2 is installed and used with Logitech Gx10 keyboards, which are specialized gaming keyboards. The insecure permissions on device nodes expose the system to local or remote attackers who can trick users into running malicious code or scripts that exploit this misconfiguration to capture keyboard input data.
Potential Impact
For European organizations, especially those in sectors handling sensitive or confidential information such as finance, government, defense, and critical infrastructure, this vulnerability poses a significant risk to data confidentiality. Attackers exploiting this flaw could capture keystrokes, including passwords, encryption keys, or other sensitive input, leading to credential theft, unauthorized access, or data breaches. Since the vulnerability requires user interaction and affects systems with specific Logitech hardware and software, the impact is somewhat limited to environments where these keyboards and the g810-led tool are deployed. However, organizations with gaming or specialized peripherals in office environments, or those using these devices for administrative tasks, could be exposed. The vulnerability could also be leveraged as a foothold for further lateral movement within networks if attackers gain initial access. Although no integrity or availability impacts are noted, the confidentiality breach alone can have severe consequences, including regulatory penalties under GDPR for data leakage and loss of trust. The lack of patches or vendor guidance increases the risk window, requiring organizations to implement compensating controls promptly.
Mitigation Recommendations
1. Immediately audit systems for the presence of g810-led 0.4.2 and Logitech Gx10 keyboards. Remove or disable the g810-led tool if it is not essential. 2. Manually review and correct udev rules related to Logitech devices to ensure device nodes have restrictive permissions, limiting access to root or authorized users only. 3. Implement strict endpoint security controls to monitor and restrict unauthorized processes from accessing device nodes or running untrusted code. 4. Educate users about the risks of running untrusted software or scripts that could exploit this vulnerability, emphasizing caution with user interaction prompts. 5. Employ kernel-level security modules (e.g., SELinux, AppArmor) to enforce mandatory access controls on device files, preventing unauthorized read/write operations. 6. Monitor system logs and audit trails for unusual access patterns to device nodes or keyboard input streams. 7. Coordinate with Logitech or relevant vendors for updates or patches and subscribe to security advisories for timely remediation. 8. Consider hardware inventory management to limit deployment of vulnerable peripherals in sensitive environments. 9. For environments where the tool is necessary, isolate affected systems in segmented network zones to reduce exposure.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2022-46338: n/a in n/a
Description
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
AI-Powered Analysis
Technical Analysis
CVE-2022-46338 is a medium-severity vulnerability affecting the g810-led 0.4.2 software, which is a LED configuration tool designed for Logitech Gx10 series keyboards. The vulnerability arises from an insecure udev rule included in the software package. Specifically, the udev rule sets device nodes associated with supported Logitech keyboards to be world-readable and writable. This misconfiguration allows any process running on the affected system to access these device nodes without restriction. Consequently, malicious or unauthorized processes can intercept keyboard traffic, potentially capturing sensitive data such as keystrokes, passwords, or other confidential input. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating that the permissions on critical device files are overly permissive. The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact is primarily on confidentiality (high), with no impact on integrity or availability. There are no known exploits in the wild, and no patches or vendor advisories have been linked. The vulnerability affects Linux systems where g810-led 0.4.2 is installed and used with Logitech Gx10 keyboards, which are specialized gaming keyboards. The insecure permissions on device nodes expose the system to local or remote attackers who can trick users into running malicious code or scripts that exploit this misconfiguration to capture keyboard input data.
Potential Impact
For European organizations, especially those in sectors handling sensitive or confidential information such as finance, government, defense, and critical infrastructure, this vulnerability poses a significant risk to data confidentiality. Attackers exploiting this flaw could capture keystrokes, including passwords, encryption keys, or other sensitive input, leading to credential theft, unauthorized access, or data breaches. Since the vulnerability requires user interaction and affects systems with specific Logitech hardware and software, the impact is somewhat limited to environments where these keyboards and the g810-led tool are deployed. However, organizations with gaming or specialized peripherals in office environments, or those using these devices for administrative tasks, could be exposed. The vulnerability could also be leveraged as a foothold for further lateral movement within networks if attackers gain initial access. Although no integrity or availability impacts are noted, the confidentiality breach alone can have severe consequences, including regulatory penalties under GDPR for data leakage and loss of trust. The lack of patches or vendor guidance increases the risk window, requiring organizations to implement compensating controls promptly.
Mitigation Recommendations
1. Immediately audit systems for the presence of g810-led 0.4.2 and Logitech Gx10 keyboards. Remove or disable the g810-led tool if it is not essential. 2. Manually review and correct udev rules related to Logitech devices to ensure device nodes have restrictive permissions, limiting access to root or authorized users only. 3. Implement strict endpoint security controls to monitor and restrict unauthorized processes from accessing device nodes or running untrusted code. 4. Educate users about the risks of running untrusted software or scripts that could exploit this vulnerability, emphasizing caution with user interaction prompts. 5. Employ kernel-level security modules (e.g., SELinux, AppArmor) to enforce mandatory access controls on device files, preventing unauthorized read/write operations. 6. Monitor system logs and audit trails for unusual access patterns to device nodes or keyboard input streams. 7. Coordinate with Logitech or relevant vendors for updates or patches and subscribe to security advisories for timely remediation. 8. Consider hardware inventory management to limit deployment of vulnerable peripherals in sensitive environments. 9. For environments where the tool is necessary, isolate affected systems in segmented network zones to reduce exposure.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-11-30T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d983fc4522896dcbf0b55
Added to database: 5/21/2025, 9:09:19 AM
Last enriched: 6/24/2025, 7:55:32 AM
Last updated: 8/6/2025, 6:53:22 PM
Views: 10
Related Threats
CVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighCVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.