CVE-2025-8699 (CNNVD-202509-1778)
中文标题:
KioSoft Stored Value Unattended Payment Solutions 安全漏洞
英文标题:
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers coul...
漏洞描述
中文描述:
KioSoft Stored Value Unattended Payment Solutions是美国KioSoft公司的一款自助支付解决方案。 KioSoft Stored Value Unattended Payment Solutions存在安全漏洞,该漏洞源于使用不安全的MiFare Classic NFC卡存储账户余额,可能导致攻击者修改卡内余额并生成资金。
英文描述:
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| KioSoft | Stored Value Unattended Payment Solution | Current firmware/hardware as of Q2/2025 | - | - |
cpe:2.3:a:kiosoft:stored_value_unattended_payment_solution:current_firmware_hardware_as_of_q2_2025:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-8699 |
2025-11-11 15:23:37 | 2025-11-11 07:40:53 |
| NVD | nvd_CVE-2025-8699 |
2025-11-11 15:01:02 | 2025-11-11 07:48:39 |
| CNNVD | cnnvd_CNNVD-202509-1778 |
2025-11-11 15:12:57 | 2025-11-11 08:00:10 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202509-1778
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- references_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']