Overview
- Description
- An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 5.2
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.6
- Impact score
- 4.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-306
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:brilliantts:fuze_card_ble_firmware:0.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49008870-8A17-407B-BB7A-9255C1C37F14"
},
{
"criteria": "cpe:2.3:o:brilliantts:fuze_card_mcu_firmware:0.1.73:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68174661-F161-4B27-9536-7264A1145F74"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:brilliantts:fuze_card:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1FB55F9B-14CC-4F5D-869B-AEC81F1C220E"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]