PT-2020-14749 · Unknown · T Series Readers

Matthew Daley

Published

2020-09-15

Updated

2020-09-22

CVE-2020-16097

CVSS v3.1

7.3

High

Vector

AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions T Series readers versions prior to v8.20.200221b T Series readers versions prior to vGR8.10.179 T Series readers versions prior to vGR8.00.165 T Series readers versions prior to vGR7.90.165 T Series readers version v7.80 or earlier

Description It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

Recommendations For versions prior to v8.20.200221b, update to v8.20.200221b or later. For versions prior to vGR8.10.179, update to vGR8.10.179 or later. For versions prior to vGR8.00.165, update to vGR8.00.165 or later. For versions prior to vGR7.90.165, update to vGR7.90.165 or later. For version v7.80 or earlier, update to a version later than v7.80.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2020-16097

Affected Products

T Series Readers

PT-2020-14749 · Unknown · T Series Readers

CVE-2020-16097

Weakness Enumeration

Related Identifiers

Affected Products

References · 3