PT-2018-7258 · Calamp · Calamp Lmu 3030 Series

Published: 2018-07-24 · Updated: 2019-10-09 · CVE-2017-3217

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: CalAmp LMU 3030 series OBD-II CDMA and GSM devices (affected versions not specified)
Description: The issue concerns an SMS interface in the devices that can be exploited if no password is configured. An attacker who knows the device's phone number, potentially obtained through an IMSI catcher, can send administrative commands to the device. These commands allow real-time access to, and configuration of, parameters such as IP addresses, firewall rules, and passwords.
Recommendations: For CalAmp LMU 3030 series OBD-II CDMA and GSM devices, configure a password for the SMS interface to prevent unauthorized access. As a temporary workaround, consider restricting access to the SMS interface until a secure configuration can be implemented.

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

CVE-2017-3217

Affected Products

Calamp Lmu 3030 Series