CVE-2024-22388 MEDIUM

CVE-2024-22388: Insecure Default Initialization of Resource in HID Global

Vendor Hid Global
Product iCLASS SE CP1000 Encoder
Weakness CWE-1188
Published February 6, 2024
Last update May 7, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

Key dates

02Disclosure timeline

February 6, 2024 CVE published
May 7, 2025 Record updated