Products
MiCard PLUS Ci and MiCard PLUS BLE reader
Source
4586e0a2-224d-4f8a-9cb4-8882b208c0b3
Tags
CVE-2024-1578 details
Last Modified : Sept. 16, 2024, 3:35 p.m.
Description
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
CVSS Score
| 1 | 2 | 3 | 4 | 5.3 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1287 | Improper Validation of Specified Type of Input | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
CVSS Data
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
Base Score
5.3
Exploitability Score
0.5
Impact Score
4.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
References
| URL | Source |
|---|---|
| https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters | 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 |
| https://www.canon-europe.com/psirt/advisory-information | 4586e0a2-224d-4f8a-9cb4-8882b208c0b3 |