Vulnerability Description
An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Brilliantts | Fuze Card Ble Firmware | 0.7.4 |
| Brilliantts | Fuze Card Mcu Firmware | 0.1.73 |
| Brilliantts | Fuze Card | - |
Related Weaknesses (CWE)
References
- https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.htmlThird Party Advisory
- https://ice9.us/advisories/ICE9-2018-001.txtThird Party Advisory
- https://www.elttam.com/blog/fuzereview/#content
- https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_Issue Tracking
- https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.htmlThird Party Advisory
- https://ice9.us/advisories/ICE9-2018-001.txtThird Party Advisory
- https://www.elttam.com/blog/fuzereview/#content
- https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_Issue Tracking
FAQ
What is CVE-2018-9119?
CVE-2018-9119 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth b...
How severe is CVE-2018-9119?
CVE-2018-9119 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9119?
Check the references section above for vendor advisories and patch information. Affected products include: Brilliantts Fuze Card Ble Firmware, Brilliantts Fuze Card Mcu Firmware, Brilliantts Fuze Card.