本ページは idemia morphowave_xp_firmware に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-33222 | When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | a87f365f-9d39-4848-9b3a-58c7cae69cab | 6.8 | 1.29% | 2023-12-15 | 2026-06-17 |
| CVE-2023-33221 | When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. | a87f365f-9d39-4848-9b3a-58c7cae69cab | 6.8 | 1.03% | 2023-12-15 | 2026-06-17 |
| CVE-2023-33220 | During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | a87f365f-9d39-4848-9b3a-58c7cae69cab | 9.1 | 1.14% | 2023-12-15 | 2026-06-17 |
| CVE-2023-33219 | The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device | a87f365f-9d39-4848-9b3a-58c7cae69cab | 9.1 | 1.14% | 2023-12-15 | 2026-06-17 |
| CVE-2023-33218 | The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. | a87f365f-9d39-4848-9b3a-58c7cae69cab | 9.1 | 1.14% | 2023-12-15 | 2026-06-17 |
| CVE-2023-33217 | By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer | a87f365f-9d39-4848-9b3a-58c7cae69cab | 7.5 | 0.68% | 2023-12-15 | 2026-06-17 |