Morphowave Xp Firmware

morphowave_xp_firmware

Vendor: Idemia • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33222 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer ov...Show more When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Show less
CVE-2023-33221 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potent...Show more When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. Show less
CVE-2023-33220 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote C...Show more During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Show less
CVE-2023-33219 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Co...Show more The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device Show less
CVE-2023-33218 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
CVE-2023-33217 1Idemia 7Morphowave Compact Firmware Morphowave Sp FirmwareMorphowave Xp Firmware+4 more Nov 21, 2024 Dec 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the ter...Show more By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturerShow less