CVE-2017-9649

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2017-9649
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.

5.0 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 5.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02 Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/100001 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mirion_technologies:dmc_3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:dmc_3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mirion_technologies:ipam_transmitter_f\/dmc_2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:ipam_transmitter_f\/dmc_2000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mirion_technologies:telepole_ii_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:telepole_ii:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mirion_technologies:rds-31_itx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:rds-31_itx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mirion_technologies:rsd31-am_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:rsd31-am:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mirion_technologies:wrm2_mesh_repeater_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:wrm2_mesh_repeater:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mirion_technologies:drm-1\/2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:mirion_technologies:drm-1\/2:-:*:*:*:*:*:*:*
Information

Published : 2017-09-20 09:29

Updated : 2019-10-09 16:30

NVD link : CVE-2017-9649

Mitre link : CVE-2017-9649

JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa
Products Affected

mirion_technologies

  • telepole_ii_firmware
  • dmc_3000_firmware
  • rsd31-am
  • drm-1\/2
  • wrm2_mesh_repeater
  • wrm2_mesh_repeater_firmware
  • drm-1\/2_firmware
  • rds-31_itx
  • rds-31_itx_firmware
  • ipam_transmitter_f\/dmc_2000
  • dmc_3000
  • ipam_transmitter_f\/dmc_2000_firmware
  • rsd31-am_firmware
  • telepole_ii