CVE-2024-1578

Multiple MiCard PLUS card reader dropped characters

Description

The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the ‘ID card self-registration’ function.

References

Link	Tags
https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters	mitigation third party advisory vendor advisory
https://www.canon-europe.com/psirt/advisory-information	mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-1578?: CVE-2024-1578 has been scored as a medium severity vulnerability.
How to fix CVE-2024-1578?: To fix CVE-2024-1578, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-1578 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-1578 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-1578?: CVE-2024-1578 affects Rebranded by NT-ware (originally developed and provided by rf IDEAS) MiCard PLUS Ci, Rebranded by NT-ware (originally developed and provided by rf IDEAS) MiCard PLUS BLE.

Description

Category

CWE-1287 – Improper Validation of Specified Type of Input

References

Frequently Asked Questions