PT-2025-44802 · Unknown · Deck Mate 2
Enrique Nissim +2 · Published 2025-11-03 · Updated 2025-11-04
CVE-2025-34501
CVSS v4.0: 7.0 (High)
Vector: AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Deck Mate 2 (affected versions not specified)
Description
Deck Mate 2 is shipped with pre-set, unchanging credentials for both the root shell and the web user interface. Multiple management services, including SSH, HTTP, Telnet, SMB, and X11, are enabled by default. An attacker gaining access to these interfaces – typically through local or nearby network connections via USB or Ethernet ports – can use these credentials to log in as an administrator and gain complete control of the system. This access allows modification of firmware utilities and controller software, potentially leading to persistent compromise. While remote access paths through networks, cellular connections, or telemetry links may exist, they generally require additional capabilities or user error. The vendor states that USB access has been disabled in recent firmware updates.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Deck Mate 2