CVE-2024-23806 MEDIUM

CVE-2024-23806: HID Global Reader Configuration Cards Improper Authorization

Vendor Hid Global
Product HID iCLASS SE reader configuration cards
Weakness CWE-285
Published February 7, 2024
Last update June 13, 2025

CVSS base score

5.3/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

Key dates

02Disclosure timeline

February 7, 2024 CVE published
June 13, 2025 Record updated