PT-2018-18867 · Brilliantts · Brilliantts Fuze Card

Mpeg4Codec

Publicado

2018-04-04

Atualizado

2023-08-31

CVE-2018-9119

CVSS v3.1

6.1

Média

Vetor

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4)

Description The issue allows an attacker with physical access to unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth, as no authentication is required. This has been demonstrated using gatttool.

Recommendations For BrilliantTS FUZE card with MCU firmware 0.1.73 and BLE firmware 0.7.4, consider implementing authentication for Bluetooth connections to prevent unauthorized access until a patch is available. Restrict physical access to the card to minimize the risk of exploitation.

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2018-9119

Produtos afetados

Brilliantts Fuze Card

PT-2018-18867 · Brilliantts · Brilliantts Fuze Card

CVE-2018-9119

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6