CVE-2023-33222

When handling contactless cards, usage of a specific function to get additional information from the card which doesn'tcheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to apotential Remote Code Execution on the targeted device

CVE-2023-33221

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copyinginternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote CodeExecution on the targeted device. This is especially problematic if you use...

CVE-2023-33217

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanentdenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

CVE-2023-33220

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributesto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeteddevice

CVE-2023-33219

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validationoperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on thetargeted device

CVE-2023-33218

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow.This could potentially lead to a Remote Code execution on the targeted device.