Code injection

2023-12-1511:15:00

PRIOn knowledge base

www.prio-n.com

code injection

firmware upgrade

denial of service

manufacturer

nvd

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it’s possible to cause a permanent
denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

CPENameOperatorVersion
morphowave_compact_firmwarelt2.12.2
morphowave_sp_firmwarelt1.2.7
morphowave_xp_firmwarelt2.12.2
sigma_extreme_firmwarelt4.15.5
sigma_lite\\+_firmwarelt4.15.5
sigma_lite_firmwarelt4.15.5
sigma_wide_firmwarelt4.15.5
visionpass_firmwarelt2.12.2

Name	Operator	Version
morphowave_compact_firmware	lt	2.12.2
morphowave_sp_firmware	lt	1.2.7
morphowave_xp_firmware	lt	2.12.2
sigma_extreme_firmware	lt	4.15.5
sigma_lite\\+_firmware	lt	4.15.5
sigma_lite_firmware	lt	4.15.5
sigma_wide_firmware	lt	4.15.5
visionpass_firmware	lt	2.12.2

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf