The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
References
Link | Resource |
---|---|
https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters | Mitigation Third Party Advisory |
https://www.canon-europe.com/psirt/advisory-information | Vendor Advisory |
Configurations
History
20 Sep 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:* cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:* cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:* cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:* |
|
References | () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - Mitigation, Third Party Advisory | |
References | () https://www.canon-europe.com/psirt/advisory-information - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
First Time |
Rfideas micard Plus Ci
Rfideas micard Plus Ble Rfideas Rfideas micard Plus Ci Firmware Rfideas micard Plus Ble Firmware |
16 Sep 2024, 15:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
16 Sep 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-16 07:15
Updated : 2024-09-20 13:53
NVD link : CVE-2024-1578
Mitre link : CVE-2024-1578
CVE.ORG link : CVE-2024-1578
JSON object : View
Products Affected
rfideas
- micard_plus_ble
- micard_plus_ble_firmware
- micard_plus_ci_firmware
- micard_plus_ci
CWE