Product: IDEMIA MorphoWave Compact firmware
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-33222 (< 2.12.2): When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the
CVE-2023-33221 (< 2.12.2): When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the da
CVE-2023-33220 (< 2.12.2): During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check
CVE-2023-33219 (< 2.12.2): The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operation
CVE-2023-33218 (< 2.12.2): The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentiall
CVE-2023-33217 (< 2.12.2): By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of
CVE-2023-4667 (all versions): The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The st