CVE-2016-6257

Name: CVE-2016-6257
Creator: NVD / NIST
Published: 2016-08-02T14:59:04.49+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 1.02%

Last modified Jun 17, 2026

CVE-2016-6257 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack.". EPSS estimates a 1.02% chance of exploitation in the next 30 days.

Description

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

1.02%

59.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-310

Affected Software

Vendor	Product	Versions
Amazonbasics	Firmware	All versions
Dell	Km714 Firmware	<= 012.005.00028
Dell	Km632 Firmware	All versions
Logitech	Unifying Firmware	<= 012.005.00028
Logitech	Unifying Firmware	<= 024.003.00027
Lenovo	Ultraslim Firmware	All versions

References

http://www.securityfocus.com/bid/92179Third Party Advisory, VDB Entry
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txtThird Party Advisory
https://support.lenovo.com/product_security/len_7267Vendor Advisory
https://www.bastille.net/research/vulnerabilities/keyjackThird Party Advisory
http://www.securityfocus.com/bid/92179Third Party Advisory, VDB Entry
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txtThird Party Advisory
https://support.lenovo.com/product_security/len_7267Vendor Advisory
https://www.bastille.net/research/vulnerabilities/keyjackThird Party Advisory

Timeline

Published: Aug 2, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6257?

How severe is CVE-2016-6257?

CVE-2016-6257 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.02% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6257?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6257?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST