Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shuffle Master Deck Mate 2 Insecure Update Chain
Vulnerability Description
Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's USB update port - can craft or modify firmware packages to execute arbitrary code as root, allowing persistent compromise of the device's integrity and deck randomization process. Physical or on-premises access remains the most likely attack path, though network-exposed or telemetry-enabled deployments could theoretically allow remote exploitation if misconfigured. The vendor confirmed that firmware updates have been issued to correct these update-chain weaknesses and that USB update access has been disabled on affected units.
CVSS Information
N/A
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Light & Wonder Deck Mate 安全漏洞
Vulnerability Description
Light & Wonder Deck Mate是英国Light & Wonder公司的一款自动发牌设备。 Light & Wonder Deck Mate存在安全漏洞,该漏洞源于固件更新机制未验证加密签名并使用硬编码AES密钥,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A