CVE-2016-2333

EUVD-2016-3417
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
systechsyslink_sl-1000_modular_gateway_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/822980
http://www.kb.cert.org/vuls/id/822980