CVE-2025-34501— Light & Wonder Deck Mate 安全漏洞

Shuffle Master Deck Mate 2 Hard-coded Credentials & Exposed Services

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as connecting to the USB or Ethernet ports beneath the table - the built-in credentials permit administrative login and full control of the system. Once authenticated, an attacker can access firmware utilities, modify controller software, and establish persistent compromise. Remote attack paths via network, cellular, or telemetry links may exist in specific configurations but generally require additional capabilities or operator error. The vendor reports that USB access has been disabled in current firmware builds.

N/A

使用硬编码的凭证

Light & Wonder Deck Mate 安全漏洞

Light & Wonder Deck Mate是英国Light & Wonder公司的一款自动发牌设备。 Light & Wonder Deck Mate存在安全漏洞，该漏洞源于使用硬编码凭证且默认启用多个管理服务，可能导致未经授权的管理员登录和系统完全控制。

N/A

N/A