Firmware Fault in MiCard PLUS Ci May Cause ID Card Number Incorrectly Assigned
CVE-2024-1578

5.3MEDIUM

Key Information:

Vendor: Rebranded By Nt-ware (originally Developed And Provided By Rf Ideas)
Status: Micard Plus Ci; Micard Plus Ble
Vendor: CVE Published:; 16 September 2024

🔔 Create Rebranded By Nt-ware (originally Developed And Provided By Rf Ideas) Vulnerability Alert

What is CVE-2024-1578?

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

Affected Version(s)

MiCard PLUS BLE 0.1.0.4

MiCard PLUS Ci 0.1.0.7

References

https://ntware.atlassian.net/wiki/spaces/SA/pages/1197385...

vendor-advisorymitigation

https://www.canon-europe.com/psirt/advisory-information

vendor-advisorymitigation

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024
Vulnerability Reserved
Feb 16, 2024