CVE-2024-29941

HIGH

ICT MIFARE/DESFire - Info Disclosure

Title source: llm

Description

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.

References (1)

[Various Sources] https://ict.co/media/1xdhaugi/credential-cloning.pdf

Scores

CVSS v3 8.0

EPSS 0.0006

EPSS Percentile 19.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Classification

CWE

CWE-522

Status draft

Timeline

Published May 06, 2024

Tracked Since Feb 18, 2026