CVE-2024-1578

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*

History

20 Sep 2024, 13:53

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Rfideas
Rfideas micard Plus Ble Firmware
Rfideas micard Plus Ble
Rfideas micard Plus Ci
Rfideas micard Plus Ci Firmware
CPE cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*
cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*
cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*
References () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - () https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters - Mitigation, Third Party Advisory
References () https://www.canon-europe.com/psirt/advisory-information - () https://www.canon-europe.com/psirt/advisory-information - Vendor Advisory

16 Sep 2024, 15:35

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-16 07:15

Updated : 2024-09-20 13:53


NVD link : CVE-2024-1578

Mitre link : CVE-2024-1578

CVE.ORG link : CVE-2024-1578


JSON object : View

Products Affected

rfideas

  • micard_plus_ci_firmware
  • micard_plus_ble_firmware
  • micard_plus_ble
  • micard_plus_ci
CWE
NVD-CWE-noinfo CWE-1287

Improper Validation of Specified Type of Input