Skip to main content

Morphowave Xp Firmware

6 CVEs product

Monthly

CVE-2023-33222 CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33221 CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33220 CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33219 CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33218 CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33217 HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware Morphowave Compact Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
EPSS 1% CVSS 9.8
CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy