CVE-2020-16097

Summary

On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centreunspecified <= vGR7.80affected
GallagherCommand CentrevCR8.20 < vCR8.20.200221baffected
GallagherCommand Centre8.10 < vGR8.10.179affected
GallagherCommand Centre8.00 < vGR8.00.165affected
GallagherCommand Centre7.90 < vGR7.90.1038affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References