CVE-2024-1578 — MEDIUM (5.3)

Vulnerability Description

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Rfideas	Micard Plus Ci Firmware	0.1.0.7
Rfideas	Micard Plus Ci	-
Rfideas	Micard Plus Ble Firmware	0.1.0.4
Rfideas	Micard Plus Ble	-

Related Weaknesses (CWE)

CWE-1287

References

https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+AdviMitigationThird Party Advisory
https://www.canon-europe.com/psirt/advisory-informationVendor Advisory

FAQ

What is CVE-2024-1578?

CVE-2024-1578 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads...

How severe is CVE-2024-1578?

CVE-2024-1578 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-1578?

Check the references section above for vendor advisories and patch information. Affected products include: Rfideas Micard Plus Ci Firmware, Rfideas Micard Plus Ci, Rfideas Micard Plus Ble Firmware, Rfideas Micard Plus Ble.