CVE-2025-34501
BaseFortify
Publication date: 2025-11-03
Last updated on: 2025-11-04
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shufflemaster | deck_mate_1 | * |
| shufflemaster | deck_mate_2 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Deck Mate 2 devices that come with static, hard-coded credentials for both the root shell and the web user interface. Multiple management services such as SSH, HTTP, Telnet, SMB, and X11 are enabled by default. An attacker who can access these interfaces, typically through local or near-local access like USB or Ethernet ports under the table, can use these built-in credentials to log in with administrative privileges and gain full control of the system. Once logged in, the attacker can access firmware utilities, modify controller software, and maintain persistent control over the device. Although remote attacks via network, cellular, or telemetry links might be possible in some configurations, they generally require additional capabilities or operator mistakes. The vendor has disabled USB access in current firmware versions to mitigate some attack vectors.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to gain full administrative control over the Deck Mate 2 device. This means the attacker can modify firmware, change controller software, and maintain persistent access, potentially disrupting device functionality, compromising data integrity, or using the device as a foothold for further attacks within the network. The risk is higher if an attacker can physically or near-physically access the device's USB or Ethernet ports.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for active management services such as SSH, HTTP, Telnet, SMB, and X11 running on the device, especially if it is a Deck Mate 2 system. You can scan the device's open ports using commands like 'nmap' to identify these services. For example, running 'nmap -p 22,80,23,445,6000 <device_ip>' can help detect if these services are accessible. Additionally, attempting to log in using the known hard-coded credentials on these services can confirm vulnerability presence. Physical inspection for enabled USB or Ethernet ports beneath the table may also help identify potential local access points.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the management services (SSH, HTTP, Telnet, SMB, X11) on the affected device. Physically securing or disabling USB and Ethernet ports to prevent local or near-local access is also critical. Updating the device firmware to the latest version that disables USB access, as reported by the vendor, is recommended. Changing or removing the hard-coded credentials, if possible, and limiting network access to trusted users can further reduce risk.