CVE-2025-34500— Light & Wonder Deck Mate 安全漏洞

Shuffle Master Deck Mate 2 Insecure Update Chain

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device's integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.

N/A

使用硬编码的密码学密钥

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate是英国Light & Wonder公司的一款自动发牌设备。 Light & Wonder Deck Mate存在安全漏洞，该漏洞源于固件更新机制未验证加密签名并使用硬编码AES密钥，可能导致执行任意代码。

N/A

N/A