CVE-2023-33221
published 2023-12-15


Priority: P355
CVSS 3.1: 9.8 (critical)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.03% (59.4th percentile)

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use the default DESFire key.

Affected (14 ranges)

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| idemia | morphowave_compact_firmware | < 2.12.2 | 2.12.2 |
| idemia | morphowave_compact_xp | < 2.12.2 | 2.12.2 |
| idemia | morphowave_sp | < 1.2.7 | 1.2.7 |
| idemia | morphowave_sp_firmware | < 1.2.7 | 1.2.7 |
| idemia | morphowave_xp_firmware | < 2.12.2 | 2.12.2 |
| idemia | sigma_extreme | < 4.15.5 | 4.15.5 |
| idemia | sigma_extreme_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_+_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_lite | < 4.15.5 | 4.15.5 |
| idemia | sigma_wide | < 4.15.5 | 4.15.5 |
| idemia | sigma_wide_firmware | < 4.15.5 | 4.15.5 |
| idemia | visionpass | < 2.12.2 | 2.12.2 |
| idemia | visionpass_firmware | < 2.12.2 | 2.12.2 |