CVE-2021-34600

MEDIUM

Telenot CompasX <32.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-34600.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2021-34600, targeting vulnerabilities in RFID/NFC systems (e.g., Mifare, HID, EMV). The code includes implementations for various attacks, such as nested authentication, key extraction, and simulation of tags.

Description

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Exploits (1)

inthewild WORKING POC

poc

https://github.com/x41sec/cve-2021-34600

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2021-34600, targeting vulnerabilities in RFID/NFC systems (e.g., Mifare, HID, EMV). The code includes implementations for various attacks, such as nested authentication, key extraction, and simulation of tags.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Proxmark3 (RFID/NFC tool)

No auth needed

Prerequisites: Proxmark3 hardware · RFID/NFC tags

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-335

Status published

Products (1)

telenot/compasx < 32.0

Published Jan 20, 2022

Tracked Since Feb 18, 2026