How2Hack

**Name of the Vulnerable Software and Affected Versions** HiCOS Citizen verification component (affected versions not specified) **Description** The issue is caused by a stack-based buffer overflow due to insufficient parameter length validation. This allows an unauthenticated physical attacker to execute arbitrary code, manipulate system commands, or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NHI card (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow vulnerability in the NHI card's web service component. This vulnerability is caused by insufficient validation for network packet header length. An attacker with general user privilege on a local area network can exploit this issue to execute arbitrary code, manipulate system commands, or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NHI card (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow vulnerability in the NHI card's web service component. This vulnerability is caused by insufficient validation for the `packet origin parameter length`. An attacker with general user privilege on a LAN can exploit this issue to disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NHI card (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow vulnerability in the NHI card's web service component. This vulnerability is caused by insufficient validation for the `key` parameter in network packets. An attacker with general user privilege on a LAN can exploit this issue to disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HiCOS (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow vulnerability in the client-side citizen digital certificate component when reading IC card due to insufficient parameter length validation for OS information. This can be exploited by an unauthenticated physical attacker to execute arbitrary code, manipulate system data, or terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HiCOS client-side citizen digital certificate component (affected versions not specified) **Description** The issue is a stack-based buffer overflow vulnerability in the client-side citizen digital certificate component when reading an IC card, due to insufficient parameter length validation for the card number. This can be exploited by an unauthenticated physical attacker to execute arbitrary code, manipulate system data, or terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HICOS (affected versions not specified) **Description** The client-side citizen digital certificate component of HICOS has a stack-based buffer overflow issue when reading an IC card, due to insufficient validation of token information parameter length. This can be exploited by an unauthenticated physical attacker to execute arbitrary code, manipulate system data, or terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HiCOS (affected versions not specified) **Description** The issue is related to a double free vulnerability in the client-side citizen certificate component. This can be exploited by an unauthenticated physical attacker to corrupt memory, execute arbitrary code, manipulate system data, or terminate the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.