Tangem SDK Android Offline Wallet Attestation Logic Flaw Vulnerability
Vulnerability
A vulnerability exists in versions of the Tangem SDK for Android prior to 5.18.3, specifically in the offline wallet attestation process. The issue arises because verification results are ignored during the initial scan of a card, potentially leading to incorrect attestation outcomes. Although this flaw may not have been exploitable in practice, it creates a lapse in the genuineness check process.
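The defect class described above, modeled in one direction (a failed check reported as verified) as an added example; it is not Tangem SDK code. Every name in it is hypothetical, and the challenge-response signature check stands in, as an assumption, for the SDK's actual attestation step.

```kotlin
import java.security.KeyPairGenerator
import java.security.PublicKey
import java.security.SecureRandom
import java.security.Signature
import java.security.SignatureException

// Hypothetical model of an attestation flow; none of these names come from the Tangem SDK.
enum class Attestation { VERIFIED, FAILED }

class CardResponse(val walletPublicKey: PublicKey, val signature: ByteArray)

// Assumed check: the card proves possession of the wallet key by signing a host challenge.
fun verifyWalletSignature(challenge: ByteArray, r: CardResponse): Boolean =
    try {
        Signature.getInstance("SHA256withECDSA").run {
            initVerify(r.walletPublicKey)
            update(challenge)
            verify(r.signature)
        }
    } catch (e: SignatureException) {
        false // a malformed signature encoding counts as a failed check
    }

// Flawed pattern: on the first scan the check runs, but its result never reaches the outcome.
fun attestFlawed(challenge: ByteArray, r: CardResponse, firstScan: Boolean): Attestation {
    val ok = verifyWalletSignature(challenge, r)
    if (firstScan) return Attestation.VERIFIED // result ignored on this path
    return if (ok) Attestation.VERIFIED else Attestation.FAILED
}

// Corrected pattern: the outcome depends on the check on every path, first scan included.
fun attestFixed(challenge: ByteArray, r: CardResponse): Attestation =
    if (verifyWalletSignature(challenge, r)) Attestation.VERIFIED else Attestation.FAILED

fun main() {
    val challenge = ByteArray(16).also { SecureRandom().nextBytes(it) }
    val reported = KeyPairGenerator.getInstance("EC").apply { initialize(256) }.generateKeyPair()
    val signer = KeyPairGenerator.getInstance("EC").apply { initialize(256) }.generateKeyPair()

    // Constructed sample: the signature was made with a key that does not match the reported public key.
    val sig = Signature.getInstance("SHA256withECDSA").run {
        initSign(signer.private); update(challenge); sign()
    }
    val mismatched = CardResponse(reported.public, sig)

    println("flawed, first scan: " + attestFlawed(challenge, mismatched, firstScan = true))
    println("fixed:              " + attestFixed(challenge, mismatched))
}
```

A regression test for this class of bug feeds a response that must fail verification through the first-scan path and asserts that the reported outcome is a failure.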
Impact
This vulnerability could result in improper wallet attestation during the first scan, allowing cards to be incorrectly verified as genuine or vice versa.
Remediation
Users can update to Tangem SDK version 5.18.3 or later to address this vulnerability.
