CVE Vulnerabilities

CVE-2017-9649

Use of Hard-coded Cryptographic Key

Published: Sep 20, 2017 | Modified: Nov 21, 2024
CVSS 3.x
5
MEDIUM
Source:
NVD
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS 2.x
5.4 MEDIUM
AV:A/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.

Weakness

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Affected Software

Name Vendor Start Version End Version
Dmc_3000_firmware Mirion_technologies - (including) - (including)

Potential Mitigations

References