Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for fuze_card_mcu_firmware by brilliantts

    CVE-2018-9119 (GCVE-0-2018-9119)

    Vulnerability from nvd – Published: 2018-04-04 00:00 – Updated: 2024-08-05 07:17
    VLAI
    Summary
    An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ice9.us/advisories/ICE9-2018-001.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elttam.com/blog/fuzereview/#content"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T22:10:16.240Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/"
            },
            {
              "url": "https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html"
            },
            {
              "url": "https://ice9.us/advisories/ICE9-2018-001.txt"
            },
            {
              "url": "https://www.elttam.com/blog/fuzereview/#content"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9119",
        "datePublished": "2018-04-04T00:00:00.000Z",
        "dateReserved": "2018-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9119 (GCVE-0-2018-9119)

    Vulnerability from cvelistv5 – Published: 2018-04-04 00:00 – Updated: 2024-08-05 07:17
    VLAI
    Summary
    An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:17:50.651Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://ice9.us/advisories/ICE9-2018-001.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elttam.com/blog/fuzereview/#content"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T22:10:16.240Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/"
            },
            {
              "url": "https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html"
            },
            {
              "url": "https://ice9.us/advisories/ICE9-2018-001.txt"
            },
            {
              "url": "https://www.elttam.com/blog/fuzereview/#content"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9119",
        "datePublished": "2018-04-04T00:00:00.000Z",
        "dateReserved": "2018-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:17:50.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }