CVE-2024-1578

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*

History

20 Sep 2024, 13:53

Type Values Removed Values Added
CPE cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*
cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*
References () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - Mitigation, Third Party Advisory
References () https://www.canon-europe.com/psirt/advisory-information - () https://www.canon-europe.com/psirt/advisory-information - Vendor Advisory
CWE NVD-CWE-noinfo
First Time Rfideas micard Plus Ci
Rfideas micard Plus Ble
Rfideas
Rfideas micard Plus Ci Firmware
Rfideas micard Plus Ble Firmware

16 Sep 2024, 15:35

Type Values Removed Values Added
Summary
  • (es) Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificación, lo que daría lugar a que se asignara un número de tarjeta de identificación incorrecto durante el autorregistro de la tarjeta de identificación y podría provocar intentos fallidos de inicio de sesión para los usuarios finales. La eliminación aleatoria de caracteres de los números de tarjeta de identificación compromete la unicidad de las tarjetas de identificación, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la función de "autorregistro de tarjeta de identificación".
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

16 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 07:15

Updated : 2024-09-20 13:53


NVD link : CVE-2024-1578

Mitre link : CVE-2024-1578

CVE.ORG link : CVE-2024-1578


JSON object : View

Products Affected

rfideas

  • micard_plus_ble_firmware
  • micard_plus_ci_firmware
  • micard_plus_ci
  • micard_plus_ble
CWE
NVD-CWE-noinfo CWE-1287

Improper Validation of Specified Type of Input