CVE-2024-1578

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-1578
The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 4.7

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters Mitigation Third Party Advisory
https://www.canon-europe.com/psirt/advisory-information Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*
History

20 Sep 2024, 13:53

Type Values Removed Values Added
CPE cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*
cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
First Time Rfideas micard Plus Ci Firmware
Rfideas micard Plus Ci
Rfideas micard Plus Ble Firmware
Rfideas micard Plus Ble
Rfideas
References () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - Mitigation, Third Party Advisory
References () https://www.canon-europe.com/psirt/advisory-information - () https://www.canon-europe.com/psirt/advisory-information - Vendor Advisory
CWE NVD-CWE-noinfo

16 Sep 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
Summary
  • (es) Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificación, lo que daría lugar a que se asignara un número de tarjeta de identificación incorrecto durante el autorregistro de la tarjeta de identificación y podría provocar intentos fallidos de inicio de sesión para los usuarios finales. La eliminación aleatoria de caracteres de los números de tarjeta de identificación compromete la unicidad de las tarjetas de identificación, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la función de "autorregistro de tarjeta de identificación".

16 Sep 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-16 07:15

Updated : 2024-09-20 13:53

NVD link : CVE-2024-1578

Mitre link : CVE-2024-1578

CVE.ORG link : CVE-2024-1578

JSON object : View

Products Affected

rfideas

  • micard_plus_ble
  • micard_plus_ci_firmware
  • micard_plus_ci
  • micard_plus_ble_firmware
CWE
NVD-CWE-noinfo CWE-1287

Improper Validation of Specified Type of Input