CVE-2018-9119
N/A
N/A
Summary
An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/
- https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
- https://ice9.us/advisories/ICE9-2018-001.txt
- https://www.elttam.com/blog/fuzereview/#content
References
- https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/
- https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
- https://ice9.us/advisories/ICE9-2018-001.txt
- https://www.elttam.com/blog/fuzereview/#content
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.