CVE-2019-12505
Description
Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Inateck/WP1001description
Patches
Vulnerability mechanics
Root cause
"Unencrypted and unauthenticated 2.4 GHz radio communication allows an attacker to inject forged keystroke packets that the receiver accepts as legitimate."
Attack vector
An attacker with physical proximity captures the unencrypted 2.4 GHz radio packets sent by the wireless presenter to its receiver, reverse-engineers the protocol, and then injects forged packets that the receiver interprets as legitimate keystrokes [ref_id=1]. Because the data communication lacks both encryption and authentication [CWE-345], the receiver cannot distinguish injected packets from genuine presenter signals. This allows the attacker to send arbitrary keystrokes to the victim's computer, for example to install malware while the system is unattended [ref_id=1].
Affected code
The advisory does not identify specific functions or files; the vulnerability resides in the unencrypted and unauthenticated 2.4 GHz radio protocol used between the Inateck WP1001 wireless presenter and its USB dongle receiver [ref_id=1].
What the fix does
The advisory states the solution status is "Open" and no solution date was provided by the manufacturer [ref_id=1]. No patch or fix has been published. The recommended remediation would be to implement encryption and mutual authentication in the 2.4 GHz radio protocol so that the receiver only accepts keystroke packets that are cryptographically verified as originating from the genuine presenter [ref_id=1].
Preconditions
- networkAttacker must be within radio range (approximately 20 meters) of the victim's Inateck WP1001 receiver to capture and inject 2.4 GHz packets
- configThe victim's computer must have the Inateck WP1001 USB dongle plugged in and powered on
- authNo authentication or encryption is required to bypass, as the protocol lacks both
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- packetstormsecurity.com/files/153184/Inateck-2.4-GHz-Wireless-Presenter-WP1001-Keystroke-Injection.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Jun/4mitremailing-listx_refsource_FULLDISC
- seclists.org/bugtraq/2019/Jun/2mitremailing-listx_refsource_BUGTRAQ
- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-007.txtmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.