CVE-2022-46338 is a medium-severity vulnerability affecting the g810-led 0.4.2 software, which is a LED configuration tool designed for Logitech Gx10 series keyboards. The vulnerability arises from an insecure udev rule included in the software package. Specifically, the udev rule sets device nodes associated with supported Logitech keyboards to be world-readable and writable. This misconfiguration allows any process running on the affected system to access these device nodes without restriction. Consequently, malicious or unauthorized processes can intercept keyboard traffic, potentially capturing sensitive data such as keystrokes, passwords, or other confidential input. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), indicating that the permissions on critical device files are overly permissive. The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The impact is primarily on confidentiality (high), with no impact on integrity or availability. There are no known exploits in the wild, and no patches or vendor advisories have been linked. The vulnerability affects Linux systems where g810-led 0.4.2 is installed and used with Logitech Gx10 keyboards, which are specialized gaming keyboards. The insecure permissions on device nodes expose the system to local or remote attackers who can trick users into running malicious code or scripts that exploit this misconfiguration to capture keyboard input data.

For European organizations, especially those in sectors handling sensitive or confidential information such as finance, government, defense, and critical infrastructure, this vulnerability poses a significant risk to data confidentiality. Attackers exploiting this flaw could capture keystrokes, including passwords, encryption keys, or other sensitive input, leading to credential theft, unauthorized access, or data breaches. Since the vulnerability requires user interaction and affects systems with specific Logitech hardware and software, the impact is somewhat limited to environments where these keyboards and the g810-led tool are deployed. However, organizations with gaming or specialized peripherals in office environments, or those using these devices for administrative tasks, could be exposed. The vulnerability could also be leveraged as a foothold for further lateral movement within networks if attackers gain initial access. Although no integrity or availability impacts are noted, the confidentiality breach alone can have severe consequences, including regulatory penalties under GDPR for data leakage and loss of trust. The lack of patches or vendor guidance increases the risk window, requiring organizations to implement compensating controls promptly.

1. Immediately audit systems for the presence of g810-led 0.4.2 and Logitech Gx10 keyboards. Remove or disable the g810-led tool if it is not essential. 2. Manually review and correct udev rules related to Logitech devices to ensure device nodes have restrictive permissions, limiting access to root or authorized users only. 3. Implement strict endpoint security controls to monitor and restrict unauthorized processes from accessing device nodes or running untrusted code. 4. Educate users about the risks of running untrusted software or scripts that could exploit this vulnerability, emphasizing caution with user interaction prompts. 5. Employ kernel-level security modules (e.g., SELinux, AppArmor) to enforce mandatory access controls on device files, preventing unauthorized read/write operations. 6. Monitor system logs and audit trails for unusual access patterns to device nodes or keyboard input streams. 7. Coordinate with Logitech or relevant vendors for updates or patches and subscribe to security advisories for timely remediation. 8. Consider hardware inventory management to limit deployment of vulnerable peripherals in sensitive environments. 9. For environments where the tool is necessary, isolate affected systems in segmented network zones to reduce exposure.