PT-2018-18867 · Brilliantts · Brilliantts Fuze Card
Mpeg4Codec
Published: 2018-04-04 · Updated: 2023-08-31 · CVE-2018-9119
CVSS v3.1: 6.1 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4)
Description
The issue allows an attacker with physical access to unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth, as no authentication is required. This has been demonstrated using gatttool.
Recommendations
For BrilliantTS FUZE card with MCU firmware 0.1.73 and BLE firmware 0.7.4, consider implementing authentication for Bluetooth connections to prevent unauthorized access until a patch is available. Restrict physical access to the card to minimize the risk of exploitation.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Brilliantts Fuze Card