CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-9119

An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 3.6

References

https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
https://ice9.us/advisories/ICE9-2018-001.txt
https://www.elttam.com/blog/fuzereview/#content
https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/
https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
https://ice9.us/advisories/ICE9-2018-001.txt
https://www.elttam.com/blog/fuzereview/#content
https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/

Products affected by CVE-2018-9119

Brilliantts » Fuze Card » Version: N/A

cpe:2.3:h:brilliantts:fuze_card:-
Brilliantts » Fuze Card Ble Firmware » Version: 0.7.4

cpe:2.3:o:brilliantts:fuze_card_ble_firmware:0.7.4
Brilliantts » Fuze Card Mcu Firmware » Version: 0.1.73

cpe:2.3:o:brilliantts:fuze_card_mcu_firmware:0.1.73

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9119

Products

Pricing

Contact Us